Hi Prashant Am 01.08.2014 11:31, schrieb vijaydpr: > I'm trying to setup a SSO between a Linux server and a Windows 2008 AD > server. > Kinit happens successfully for us , please check the kinit logs below > > orsapbisbx01:sbqadm 60> kinit -V -k SBQADM/ > [email protected] > Using default cache: /tmp/krb5cc_500 > Using principal: SBQADM/[email protected] > Authenticated to Kerberos v5 > > Klist lists us the correct kerberos TGT, But the KVNO test fails > > orsapbisbx01:sbqadm 64> /usr/bin/kvno SBQADM/ > [email protected] > kvno: KDC has no support for encryption type while getting credentials for > SBQADM/[email protected] > orsapbisbx01:sbqadm 65> please send us your /etc/krb5.conf , so we can see the encryption types defined there.
Windows 2008 AD only knows the following encryption types (from secure to unsecure): aes256-cts-hmac-sha1-96 , aes128-cts-hmac-sha1-96 , arcfour-hmac-md5 (possible but disabled by default: des-cbc-crc , des-cbc-md5) Windows 2003 AD only knows aes128-cts-hmac-sha1-96 , arcfour-hmac-md5 des-cbc-crc , des-cbc-md5 regards, Robert. -- Dr. Robert Wehn ........................ http://www.rz.uni-augsburg.de Universität Augsburg, Rechenzentrum ............. Tel. (0821) 598-2047 86135 Augsburg .................................. Fax. (0821) 598-2028 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
