[36329] in Kerberos
Re: KDC has no support for encryption type
daemon@ATHENA.MIT.EDU (Robert Wehn)
Fri Aug 1 08:23:54 2014
Message-ID: <53DB8642.5050007@rz.uni-augsburg.de>
Date: Fri, 01 Aug 2014 14:21:22 +0200
From: Robert Wehn <robert.wehn@rz.uni-augsburg.de>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <CAJd7XcS0ZcgYJaN7TAPqekxFMd2GKAPcvekhuYERds7WtNXidQ@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi Prashant
Am 01.08.2014 11:31, schrieb vijaydpr:
> I'm trying to setup a SSO between a Linux server and a Windows 2008 AD
> server.
> Kinit happens successfully for us , please check the kinit logs below
>
> orsapbisbx01:sbqadm 60> kinit -V -k SBQADM/
> orsapbisbx01.radisys.com@RADISYS.COM
> Using default cache: /tmp/krb5cc_500
> Using principal: SBQADM/orsapbisbx01.radisys.com@RADISYS.COM
> Authenticated to Kerberos v5
>
> Klist lists us the correct kerberos TGT, But the KVNO test fails
>
> orsapbisbx01:sbqadm 64> /usr/bin/kvno SBQADM/
> orsapbisbx01.radisys.com@RADISYS.COM
> kvno: KDC has no support for encryption type while getting credentials for
> SBQADM/orsapbisbx01.radisys.com@RADISYS.COM
> orsapbisbx01:sbqadm 65>
please send us your /etc/krb5.conf , so we can see the encryption types
defined there.
Windows 2008 AD only knows the following encryption types (from secure
to unsecure):
aes256-cts-hmac-sha1-96 , aes128-cts-hmac-sha1-96 , arcfour-hmac-md5
(possible but disabled by default: des-cbc-crc , des-cbc-md5)
Windows 2003 AD only knows
aes128-cts-hmac-sha1-96 , arcfour-hmac-md5 des-cbc-crc , des-cbc-md5
regards, Robert.
--
Dr. Robert Wehn ........................ http://www.rz.uni-augsburg.de
Universität Augsburg, Rechenzentrum ............. Tel. (0821) 598-2047
86135 Augsburg .................................. Fax. (0821) 598-2028
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
