On Tue, 2010-03-30 at 14:46 -0700, Russ Allbery wrote: > Matt Zagrabelny <[email protected]> writes: > > > Thanks for the quick help, Russ. Still the same problem, though. > > > # grep -B1 allow_weak_crypto /etc/krb5.conf > > [libdefaults] > > allow_weak_crypto = true > > > # /etc/init.d/krb5-kdc restart > > > % telnet blah... > > > AS_REQ (1 etypes {1}) 10.25.1.14: CANT_FIND_CLIENT_KEY: > > [email protected] for krbtgt/[email protected], KDC has no support > > for encryption type > > > Any other ideas? > > You need it on the client in addition to the server.
Good to know. :)
Unfortunately, the client is a Cisco Catalyst 3750. :/
workstation% telnet.netkit switch3750
Trying 10.25.1.14...
'autologin': unknown argument ('toggle ?' for help).
Connected to switch3750.d.umn.edu.
Escape character is '^]'.
User Access Verification
Username: mzagrabe
Password:
% Authentication failed
switch3750 has a "pam-krb5-like" authentication mechanism for its telnet
daemon.
So, I am _not_ trying kerberized telnet right now, just trying to get
the switch to play nicely in my realm.
If typing usernames and passwords into switching gear was more fun I
would be less determined to get this working. Having said that, any
other ideas?
Thanks,
--
Matt Zagrabelny - [email protected] - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 4096R/42A00942 2009-12-16
Fingerprint: 5814 2CCE 2383 2991 83FF C899 07E2 BFA8 42A0 0942
He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot
signature.asc
Description: This is a digitally signed message part
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
