[32203] in Kerberos
Re: CANT_FIND_CLIENT_KEY
daemon@ATHENA.MIT.EDU (Matt Zagrabelny)
Tue Mar 30 17:42:08 2010
From: Matt Zagrabelny <mzagrabe@d.umn.edu>
To: Russ Allbery <rra@stanford.edu>
In-Reply-To: <87d3ylikc4.fsf@windlord.stanford.edu>
Date: Tue, 30 Mar 2010 16:41:23 -0500
Message-ID: <1269985283.4868.170.camel@grateful.d.umn.edu>
Mime-Version: 1.0
Cc: kerberos <kerberos@mit.edu>
Content-Type: multipart/mixed; boundary="===============0416640009=="
Errors-To: kerberos-bounces@mit.edu
--===============0416640009==
Content-Type: multipart/signed; micalg="pgp-sha1";
protocol="application/pgp-signature";
boundary="=-m+o5OCNpFWc3SloIlWW5"
--=-m+o5OCNpFWc3SloIlWW5
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
On Tue, 2010-03-30 at 14:13 -0700, Russ Allbery wrote:
> Matt Zagrabelny <mzagrabe@d.umn.edu> writes:
>=20
> > Through some trial-and-error I am currently getting the following error
> > in the kdc.log:
>=20
> > AS_REQ (1 etypes {1}) 10.25.1.14: CANT_FIND_CLIENT_KEY:
> > mzagrabe@D.UMN.EDU for krbtgt/D.UMN.EDU@D.UMN.EDU, KDC has no support
> > for encryption type
>=20
> > I assume the encryption type is (1) des-cbc-crc.
>=20
> > How do I make the KDC have support for the encryption type? It looks
> > like I already have it:
>=20
> Add:
>=20
> [libdefaults]
> allow_weak_crypto =3D true
Thanks for the quick help, Russ. Still the same problem, though.
# grep -B1 allow_weak_crypto /etc/krb5.conf
[libdefaults]
allow_weak_crypto =3D true
# /etc/init.d/krb5-kdc restart
% telnet blah...
AS_REQ (1 etypes {1}) 10.25.1.14: CANT_FIND_CLIENT_KEY:
mzagrabe@D.UMN.EDU for krbtgt/D.UMN.EDU@D.UMN.EDU, KDC has no support
for encryption type
Any other ideas?
--=20
Matt Zagrabelny - mzagrabe@d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 4096R/42A00942 2009-12-16
Fingerprint: 5814 2CCE 2383 2991 83FF C899 07E2 BFA8 42A0 0942
He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot
--=-m+o5OCNpFWc3SloIlWW5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAABAgAGBQJLsnACAAoJEAfiv6hCoAlCWogP/iMeeNlozGkSz7WVONIHyW31
CGiCUNqrZ5FQfhVjiG+0Q2Jd1WVKf681WM0pfLsR4YQE/lBlc80dT2Gl8NBYMw/0
F+3ax7fw4fZq0yxil07nnMVVwWl7pUbbFVvg58NGFJXD9VAYFRR4B0ZBy4Iy9YMe
zsHvOJIUewV5mcTQRo8vMXCjh84uD+XP6t0iGMU8iTrcXZHg/oqX5MZ5Tdt0GoDE
wZGFE0Pv4KKdanKHC0CnYAXn8cgXklY5yOmG8WRhy4UzOmsgLmzdzfkdY4Gd61Nr
D8MT0LoNLkif2n4K7L6evAkCcQPFaObGimzfarLbPwcZlUFfx+EwzbrVnClbgjpb
F9I4L+Di5o5ca+n00Zt1B7wfgTvAXgTxA8kZ1xdomEjSkUIR+JHMVicXFxudLYhe
7oqL9B5ERYjWD4DiwmVMenJxQd4YxHN4Hfi3QBkDgq8g3MpSXjVb4j+H/XOSF3GM
zxx1Ak+r3LbblxcBxlpcZTvxfpMj6eftsOD7gTrxP5kRpBZLiKA7a5Z1HImKXfLi
9LpydARFAnh5C+7CYi1r8nudeHUVmDYYAGZVwse2m9Tw4begsI+x0HapBe6cSMAu
DtP9jhk6/KV0NRjAizOie46opVPKzP9XdzeezJwgH04kZ44Cs/jqBzmLArsFstgR
nUGVstZdSf1wllrldXOn
=Cg2l
-----END PGP SIGNATURE-----
--=-m+o5OCNpFWc3SloIlWW5--
--===============0416640009==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============0416640009==--
