[35909] in Kerberos
Re: permitted_enctypes = "des-cbc-crc" triggers 'kinit: Generic error
daemon@ATHENA.MIT.EDU (=?KOI8-R?B?z8zYx8Egy9LZ1sHOz9fTy8H)
Fri Mar 21 17:57:46 2014
MIME-Version: 1.0
In-Reply-To: <alpine.GSO.1.10.1403211104230.21026@multics.mit.edu>
Date: Fri, 21 Mar 2014 22:57:28 +0100
Message-ID: <CA+OH3v0aE5WdC+5zVKsQk1dDq_9hvqQ8hpT8e2iEOMGV5+AimQ@mail.gmail.com>
From: =?KOI8-R?B?z8zYx8Egy9LZ1sHOz9fTy8HR?= <olga.kryzhanovska@gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
No, allow_weak_crypto is set to true:
[libdefaults]
# default_realm = EXAMPLE.COM
default_realm = MINIPAX.TERRORONWAR.ORG
clockskew = 300
allow_weak_crypto = true
# permitted_enctypes = "des-cbc-crc arcfour-hmac des3-cbc-sha1
aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96"
permitted_enctypes = "des-cbc-crc"
Any other ideas?
Olga
On Fri, Mar 21, 2014 at 4:06 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> On Fri, 21 Mar 2014, ольга крыжановская wrote:
>
>> Plain des-cbc-crc only authentication doesn't seem to be supported, any
>> more:
>
>
> Most likely, you still have the 'allow_weak_crypto' setting in krb5.conf at
> its default value, false.
>
> -Ben
>
>
>> $ kadmin
>> Authenticating as principal root/admin@MINIPAX.TERRORONWAR.ORG with
>> password.
>> kadmin: KDC has no support for encryption type while initializing
>> kadmin interface
>>
>> Olga
>>
>> On Thu, Mar 20, 2014 at 11:32 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
>>>
>>> On Thu, 20 Mar 2014, Wendy Lin wrote:
>>>
>>>> I have this in my Suse 11.3 /etc/krb.conf for libdefaults:
>>>>
>>>> allow_weak_crypto = true
>>>> # permitted_enctypes = "des-cbc-crc arcfour-hmac des3-cbc-sha1
>>>> aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96"
>>>> permitted_enctypes = "des-cbc-crc"
--
, _ _ ,
{ \/`o;====- Olga Kryzhanovska -====;o`\/ }
.----'-/`-/ olga.kryzhanovska@gmail.com \-`\-'----.
`'-..-| / http://twitter.com/fleyta \ |-..-'`
/\/\ Solaris/BSD//C/C++ programmer /\/\
`--` `--`
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
