Thanks Gary, for the quick and detailed response. I knew RedHat disabled DES by default in the krb client some time ago, and the allow_weak_crypto re-enables it.
But when I checked, the old server did not have this entry either. So I thought this was not it. Now come to think of it, the older server is running Centos 5.5, and the new one is running Centos 6.2. So somewhere in between, RedHat/CentOS might have disabled the DES by default. Here is the link I found at RedHat https://bugzilla.redhat.com/show_bug.cgi?id=573968 Thanks again. On Nov 5, 2012, at 9:45 AM, Gary Buhrmaster wrote: > On Mon, Nov 5, 2012 at 9:41 AM, Gary Buhrmaster > <[email protected]> wrote: > .... >> you may be able enable it in krb5.conf with the permitted_enctypes >> directive in the libdefaults section. > > Depending on your kerberos client, it may be "allow_weak_crypto = true" > > But I still suggest not using DES unless you absolutely have a need > due to other software (*cough* OpenAFS *cough*). > > Gary
