>>>>> "John" == John Hascall <[EMAIL PROTECTED]> writes:
John> The instructions for our VPN server say to add
John> des-cbc-md5:normal des-cbc-md5:norealm des-cbc-md5:onlyrealm
John> to the supported_enctypes line in our realm in our krb5.conf
John> file, then restart the daemons and change a principal's
John> password and then that principal should have the proper "DES
John> cbc mode with RSA-MD5, Version 5" key that the VPN needs.
I'm not really sure, but the following appears to work fine for me:
kadmin.local: addprinc -e des-cbc-md5:normal md5
WARNING: no policy specified for [EMAIL PROTECTED]; defaulting to no policy
Enter password for principal "[EMAIL PROTECTED]":
Re-enter password for principal "[EMAIL PROTECTED]":
Principal "[EMAIL PROTECTED]" created.
kadmin.local: getprinc md5
Principal: [EMAIL PROTECTED]
Expiration date: [never]
Last password change: Wed Oct 08 12:27:23 EDT 2003
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Wed Oct 08 12:27:23 EDT 2003 (root/[EMAIL PROTECTED])
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, DES cbc mode with RSA-MD5, no salt
Attributes: REQUIRES_PRE_AUTH
Policy: [none]
You should be aware that MIt Kerberos will never issue a session key
using des-cbc-md5.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
