Quoth [EMAIL PROTECTED] (Digant Kasundra):
| Well, for some reason, I'm not getting good results. getting a ticket with
| kinit on the heimdal side works great if I specify a password. But when
| using a keytab, it will only work if I tell it manually what encryption type
| to use, even though ktutil identifies the enc type correctly when listing
| the keys in that keytab.
|
| I think this is the major contributor to my gssapi bind failing on openldap.
The way I remember it, Heimdal looks for different keywords in the
/etc/krb5.conf configuration file. I forget which is whose, but ours
now looks like
[libdefaults]
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
default_etypes = des-cbc-crc
default_etypes_des = des-cbc-crc
and a couple of those could be there in case a Heimdal client shows up.
Donn Cave, [EMAIL PROTECTED]
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
