Alan Ge <[email protected]> writes: > Thanks Gary, for the quick and detailed response.
> I knew RedHat disabled DES by default in the krb client some time ago, > and the allow_weak_crypto re-enables it. > But when I checked, the old server did not have this entry either. So I > thought this was not it. > Now come to think of it, the older server is running Centos 5.5, and the > new one is running Centos 6.2. > So somewhere in between, RedHat/CentOS might have disabled the DES by > default. Yes, I'm fairly sure they did, since this was a change in the underlying MIT Kerberos libraries that I believe disabled DES by default in that time frame. -- Russ Allbery <[email protected]> Technical Lead, ITS Infrastructure Delivery Group, Stanford University
