RE: kadmin ktadd -e keysaltlist for des-cbc-md5

Tim Alsop Tue, 12 Sep 2006 15:00:27 -0700

Tom,

Using MIT krb5 1.5.1, I tried this :


kadmin.local:  addprinc -randkey test/[EMAIL PROTECTED]
WARNING: no policy specified for test/[EMAIL PROTECTED]; defaulting to no
policy
Principal "test/[EMAIL PROTECTED]" created.
kadmin.local:  ktadd -e DES-CBC-MD5:NORMAL test/princ
Entry for principal test/princ with kvno 3, encryption type DES cbc mode
with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.
kadmin.local:

As you can see, this works fine, and I don't get any errors like you
did.

I then used CyberSafe client to test the principal in KDC is ok ?

I first requested a TGT from the MIT KDC :

# kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]: 
#

Then, using kinit -S I was able to get a service ticket with DES-CBC-MD5
(etype 3) session key using the principal just created. As you can see
below, this works :

# kinit -S test/[EMAIL PROTECTED]
# klist -e
          Cache Type: Kerberos V5 Credentials Cache
          Cache File: /krb5/tmp/cc/krb5cc_0
       Cache Version: 0504
   Default Principal: [EMAIL PROTECTED]

Valid From                    Expires                       Service
Principal
----------------------------  ----------------------------
-----------------
Tue 12 Sep 2006 22:52:19 BST  Wed 13 Sep 2006 06:52:19 BST
krbtgt/[EMAIL PROTECTED]
   Session Key EType: 23 (ARCFOUR-HMAC-MD5)
        Ticket EType: 23 (ARCFOUR-HMAC-MD5)
Tue 12 Sep 2006 22:52:25 BST  Wed 13 Sep 2006 06:52:19 BST
test/[EMAIL PROTECTED]
   Session Key EType:  1 (DES-CBC-CRC)
        Ticket EType:  3 (DES-CBC-MD5)
#

I hope this helps.

Regards,
Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Tom Simons
Sent: 12 September 2006 22:18
To: [email protected]
Subject: kadmin ktadd -e keysaltlist for des-cbc-md5

I'm trying to get a keytab with des-cbc-md5 encryption (no salt) from
our
kerberos 1.5 realm for a CyberSafe client. How do I specify the ktadmin
ktadd command's "-e keysaltlist" parameter?  I tried variations on
"ktadd -k
<filename> -e ENCTYPE_DES_CBC_MD5:NONE", but get the same error:

    kadmin:  ktadd -k host.TESTMIT.keytab -e ENCTYPE_DES_CBC_MD5:NOSALT
    ktadd: Invalid argument while parsing keysalts ENCTYPE_DES_CBC_MD5
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

RE: kadmin ktadd -e keysaltlist for des-cbc-md5

Reply via email to