[32137] in Kerberos
Re: Win 2008R2 kdc and linux client: no support for encryption type
daemon@ATHENA.MIT.EDU (Lars Schimmer)
Wed Mar 10 04:20:26 2010
To: undisclosed-recipients:;undisclosed-recipients:;@MIT.EDU
Message-ID: <4B976450.1060406@cgv.tugraz.at>
Date: Wed, 10 Mar 2010 10:20:16 +0100
From: Lars Schimmer <l.schimmer@cgv.tugraz.at>
MIME-Version: 1.0
CC: kerberos@mit.edu
In-Reply-To: <4B967BD9.6030501@anl.gov>
X-SA-Exim-Mail-From: l.schimmer@cgv.tugraz.at
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Douglas E. Engert wrote:
>
>
>> What user are you using with the kinit?
I did used the users with "use DES enctypes" enabled.
Now I tried with the users without this function enabled and I get
tickets. But no tokens :-(
Error:
adiotest:~# kinit schimmer
Password for schimmer@CGV.TUGRAZ.AT:
adiotest:~# aklog
aklog: Couldn't get cgv.tugraz.at AFS tickets:
aklog: unknown RPC error (-1765328370) while getting AFS tickets
adiotest:~# tokens
Tokens held by the Cache Manager:
--End of list--
adiotest:~#
klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: schimmer@CGV.TUGRAZ.AT
Valid starting Expires Service principal
03/10/10 10:18:24 03/11/10 10:18:24 krbtgt/CGV.TUGRAZ.AT@CGV.TUGRAZ.AT
Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
So looks like no DES enctype for OpenAFS.
But I need DES enctypes.
>> Does a network trace show anything?
Not so far yet.
>> We have seen issues with using the kinit -k with a keytab
>> if the keytab does not have the highest enctype both client and server
>> support (AES256).
I want to obtain tokens with the PAM module later on (and on Windows 7
while login, I never used the -k option so far).
>> All of our DCs are now 2008R2, and afs aklog works well on
>> and Solaris 9 and 10; Ubuntu Dapper-Karmic; Windows XP, Vista and W7
>> clients.
I want that setup, to. But how do I enable the DES enctypes....
Thank you so far.
MfG,
Lars Schimmer
- --
- -------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405 E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkuXZFAACgkQmWhuE0qbFyO+/ACfZeLhC4QIOMfqps3lcfn3ZSt9
UMAAn23FFFLy4UezmaBUuD96sX48Y2Ja
=/uXf
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
