try after including the unlimited strength policy files [1] [1] http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
On Thu, Aug 30, 2012 at 3:26 PM, Ivan Frain <[email protected]> wrote: > Thanks for your quick answer ! > > I switched to ApacheDS 2.0.0.M7 > My first try also gave me the same answer on my kinit request. > But I have changed my krb5.conf (see below) to allow weak type > (des-cbc-md5) thus the encryption type is supported now. > > And finally I was able to authenticate. Great ! > > However I have still the problem for strong type like aes256. Do you have > any idea ? > It is not mandatory for me at the moment but it could be great if I > understand what's happening in that case. > > Thanks for your support. > > BR, > Ivan > > > ---- krb5.conf ---- > [libdefaults] > default_realm = HADOOP.LAN > allow_weak_crypto = true > default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 > default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 > permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 > > [realms] > HADOOP.LAN = { > kdc = mac.hadoop.lan:60088 > } > > [domain_realm] > .hadoop.lan = HADOOP.LAN > hadoop.lan = HADOOP.LAN > > > > > 2012/8/30 Emmanuel Lécharny <[email protected]> > >> Le 8/30/12 10:31 AM, Ivan Frain a écrit : >> >> Hi all, >>> >>> I am having trouble with the configuration of apcheDS kdcServer >>> configuration. >>> I am using apacheDS 1.5.7 from tar.gz archive and running on Mac OS X. >>> My java version "1.7.0_05" 64 bits >>> >>> I have successfully started the server and kdcServer is up and running. >>> I have configured the partition and set up one user. The krb5key was >>> generated since I enable the keyDerivation interceptor. >>> >>> The problem comes when I use kinit: >>> >>> $ kinit [email protected] >>> [email protected]'s Password: >>> kinit: krb5_get_init_creds: KDC has no support for encryption type >>> >>> >>> Any help would be much appreciated. >>> >> >> Have you tried with the latest version, 2.0.0-M7 ? >> >> We have fixed *many* issues since 1.5.7, including kerberos bugs... >> >> >> -- >> Regards, >> Cordialement, >> Emmanuel Lécharny >> www.iktek.com >> >> > > > -- > Ivan Frain > 11, route de Grenade > 31530 Saint-Paul-sur-Save > mobile: +33 (0)6 52 52 47 07 -- Kiran Ayyagari http://keydap.com
