MSU is preparing to upgrade from MIT Kerberos 1.6x to 1.10.1. While doing some testing of client access I discovered that I was not able to get a token (aklog) after kinit-ing to the test server. In order to make this work we needed to put the following line in the /etc/krb5.conf on the Kerberos KDC. allow_weak_crypto = true
This seems odd to me. I expected to need doing this on the client side not the server. This is related to the afs principal in the KDC no doubt, but I'm not sure why. Any thoughts? If this question belongs on the Kerberos list let me know. Thanks Steve Devine Content and Collaboration Information Technology Services Michigan State University _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
