[32201] in Kerberos
CANT_FIND_CLIENT_KEY
daemon@ATHENA.MIT.EDU (Matt Zagrabelny)
Tue Mar 30 17:00:26 2010
From: Matt Zagrabelny <mzagrabe@d.umn.edu>
To: kerberos <kerberos@mit.edu>
Date: Tue, 30 Mar 2010 15:58:14 -0500
Message-ID: <1269982694.4868.165.camel@grateful.d.umn.edu>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1543579281=="
Errors-To: kerberos-bounces@mit.edu
--===============1543579281==
Content-Type: multipart/signed; micalg="pgp-sha1";
protocol="application/pgp-signature";
boundary="=-BP8UjyyH6YEp9PiKFcpb"
--=-BP8UjyyH6YEp9PiKFcpb
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Greetings,
I sent an email to the list a week regarding issues with a cisco switch
in an MIT Kerberos realm.
Through some trial-and-error I am currently getting the following error
in the kdc.log:
AS_REQ (1 etypes {1}) 10.25.1.14: CANT_FIND_CLIENT_KEY:
mzagrabe@D.UMN.EDU for krbtgt/D.UMN.EDU@D.UMN.EDU, KDC has no support
for encryption type
I assume the encryption type is (1) des-cbc-crc.
How do I make the KDC have support for the encryption type? It looks
like I already have it:
% cat /etc/krb5kdc/kdc.conf
[kdcdefaults]
kdc_ports =3D 750,88
[realms]
D.UMN.EDU =3D {
database_name =3D /var/lib/krb5kdc/principal
admin_keytab =3D FILE:/etc/krb5kdc/kadm5.keytab
acl_file =3D /etc/krb5kdc/kadm5.acl
key_stash_file =3D /etc/krb5kdc/stash
kdc_ports =3D 750,88
max_life =3D 10h 0m 0s
max_renewable_life =3D 7d 0h 0m 0s
master_key_type =3D des3-hmac-sha1
supported_enctypes =3D aes256-cts:normal arcfour-hmac:normal
des3-hmac-sha1:normal des3-cbc-md5:normal des-cbc-crc:normal des:normal
des:v4 des:norealm des:onlyrealm des:afs3
default_principal_flags =3D +preauth
}
That is, des-cbc-crc:normal is in the above list of
"supported_enctypes".
Thanks for any help,
--=20
Matt Zagrabelny - mzagrabe@d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 4096R/42A00942 2009-12-16
Fingerprint: 5814 2CCE 2383 2991 83FF C899 07E2 BFA8 42A0 0942
He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot
--=-BP8UjyyH6YEp9PiKFcpb
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAABAgAGBQJLsmXlAAoJEAfiv6hCoAlCAbkP/joIOZhQmwXw90yrdBCt54+t
UALAL6lU7mjgIRkw8P8Or1A6fyKgy7gDmfDQ+MA1+vDHTQoDjQuwFd2EDLtuDEqW
gTTMJQCS76tLu1Xl3x1MYaANkBfSwnt1iAJZsvdwgK+pYfl9gi4iRGLC/bMIba+T
T4Z0KM62HvTWZCpeGgM4t4H5yP73mLoNV83BFpHMZ/NEmx8jWwH0sxm0EUzrPIUd
ObG/bVLuHBM/EFqklAtZpSnN2I0Thb1nGXyqosGuccKKtKjKk8DlsAWvh5crbjat
7mKczcGPHF/GUBVqNGtsrkiLAqfaWVVhO7FUnKtDKuvIcOpuR1D2JFl0+YboZfb2
f+YdnW3vI8m8XZNRNvOxL6FKBO/bCRqR1jgoBmnouaCArLCYRzdWubs7Gx0PzkrS
JpcQ8fMQKc1d085ZGqPzucW9RwEu+A2Mdx0JJ2hmirzMSX3UoNJgnhKEUiX+usr4
CVu3oeiarZKyxGDQcUZTKj9/XGyPaVzpNngffSOMXEu83aQIR9pkUi/0ideeKXmx
B8yPABDooDK07wU2xXbsEI4BRDium/A+J8FqeYgQLfRMiQu+ILwAR9gd6B+sRKZ/
kk6uWeLxPLpXtzRkQ/XecYmOig3wv03D+LaXAqA6NGgGkSBzMU/Vl8wD2HYGJa9M
J7scEq8h4R3qyuZJ28nT
=yTgV
-----END PGP SIGNATURE-----
--=-BP8UjyyH6YEp9PiKFcpb--
--===============1543579281==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============1543579281==--
