jean-yves chateaux <[email protected]> writes: > The errors are the results of MIT resolution to exclude DES/DES3 from the supported enctypes (security reasons).
DES3 was not marked as "weak". Neither was rc4-hmac (enctype 23). The "export-grade" rc4-hmac-exp is enctype 24 and was marked as weak, but that doesn't explain the "KRB5KDC_ERR_ETYPE_NOSUPP" when requesting rc4-hmac (23). > The parameter "allow_weak_crypto = true" should be added in the default [libdefaults] section of /etc/krb5.conf. > Adding this parameter solved the errors of the original bug report but leads to a new one: likewise+krb5 cannot get the authenticated user groups correctly from the ADS when trying to browse samba shares using tickets. The user groups problem probably has nothing to do with disabling weak crypto. I think more information is needed. In particular, what package versions for the krb5 packages are in each configuration? -- krb5 and ADS error using 10.04, not 9.04 https://bugs.launchpad.net/bugs/567188 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
