Peter Waller <[email protected]> writes:
> Thanks for your response.
> klist -v shows:
> Ticket etype: des-cbc-md5, kvno 44
> Ticket length: 318
> If DES has been removed, I guess this could be the problem?
> After some googling, I can't figure out how to get a list of valid
> enctypes to try. I tried a few enctypes I found by googling, but they
> all failed either locally (unrecognized enctype) or remotely
> (krb5_get_init_creds: KDC has no support for encryption type). Is
> there a simple way to get a list of valid enctypes?
I suspect that if you add:
allow_weak_crypto = true
to the [libdefaults] section of krb5.conf on both the client and server,
everything will start working again. The problem is that one of the
Kerberos keys involved probably only has DES keys, so the only options are
to change the key to add more enctypes or to enable DES.
--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
