Jeff Blaine <jbla...@kickflop.net> writes:

> On 12/28/2009 9:41 PM, Tom Yu wrote:
>> Jeff Blaine<jbla...@kickflop.net> writes:
>>
>>> No, that works fine.
>>
>> When running kadmin remotely, does "addprinc" without "-randkey"
>> succeed?
>
> Yup.

This is probably a known bug, #6074. It was fixed in krb5-1.7, but not back-ported to 1.6.x. Basically, krb5-1.7 causes the RC4 string-to-key to perform a proper UTF-8 conversion, and the "dummy" password that kadmin uses for performing the "addprinc -randkey" operation contains octet sequences that are not valid UTF-8. It's kind of an impedance mismatch between krb5-1.7 and earlier kadmin clients.

Do you have RC4 ("arcfour-hmac-md5", etc.) configured in your "supported_enctypes" on that KDC?

http://krbdev.mit.edu/rt/Ticket/Display.html?id=6074&user=guest&pass=guest

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos