Hi Simon, On Jun 2, 6:00 pm, Simon Wilkinson <[email protected]> wrote: > > Karmic 9.10: OpenSSH 5.1p1-6ubuntu2, libgssapi-krb5-2 > > 1.7dfsg~beta3-1ubuntu0.6 > > Lucid 10.04: OpenSSH 5.3p1-3ubuntu3, libgssapi-krb5-2 1.8.1+dfsg-2 > > This particular version change makes me suspect something related to DES > tickets. Does the service ticket you're trying to obtain have encryption > types other than DES? > > The entire DES removal in 1.8 seems to have been extremely poorly > communicated to the user community at large. I'm not sure whether the > Kerberos Consortium or the downstream vendors should take responsibility for > this, but it is _very_ easy to break production machines in fun and exciting > ways by upgrading to 1.8. My advice, at present, would be to avoid 1.8 > entirely until others have found all of the pain points and the documentation > has been improved.
Thanks for your response. klist -v shows: Ticket etype: des-cbc-md5, kvno 44 Ticket length: 318 If DES has been removed, I guess this could be the problem? After some googling, I can't figure out how to get a list of valid enctypes to try. I tried a few enctypes I found by googling, but they all failed either locally (unrecognized enctype) or remotely (krb5_get_init_creds: KDC has no support for encryption type). Is there a simple way to get a list of valid enctypes? Thanks in advance for any help, - Peter ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
