Hi All, I have a kerb5 setup with MIT KDC and heimdal client APIs to perform kerb5 authentication. I have created principals without specifying any keysaltlist. A keytab is created by running ktadd. klist shows-
-bash2-2.05b$ sudo ktutil -k /tmp/osqa2.domain.com.keytab list /tmp/osqa2.domain.com: Vno Type Principal 5 des3-cbc-sha1 imap/[EMAIL PROTECTED] 5 des-cbc-crc imap/[EMAIL PROTECTED] (Note: I have replace domain with actual domain name) With this keytab, heimdal client gives authentication failure. When I debugged the code I found that it is failing in verify_checksum function. Authentication is successful, if I specify -e DES-CBC-CRC:normal to ktadd so that the keytab contains just one enctype- des-cbc-crc. It does not seem to be a problem with multiple enctypes, because creating keytab with just des3-cbc-sha1 also does not solve the problem. Is there a known problem with des3 enctype in heimdal ot interoperability between MIT and heimdal for des3 enctype? Thanks in advance, Arati __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
