[36794] in Kerberos
Re: ksu problem with "Version: 1.12+dfsg-2ubuntu5.1"
daemon@ATHENA.MIT.EDU (Giuseppe Mazza)
Tue Feb 17 14:40:28 2015
Message-ID: <54E39918.3090404@imperial.ac.uk>
Date: Tue, 17 Feb 2015 19:40:08 +0000
From: Giuseppe Mazza <g.mazza@imperial.ac.uk>
MIME-Version: 1.0
To: Benjamin Kaduk <kaduk@mit.edu>
In-Reply-To: <alpine.GSO.1.10.1502171236030.3953@multics.mit.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 17/02/15 17:36, Benjamin Kaduk wrote:
> On Tue, 17 Feb 2015, Giuseppe Mazza wrote:
>
>> However on the client I have got:
>> client% head -5 /etc/krb5.conf
>> [appdefaults]
>> # [dwm] necessary for DOC.IC.AC.UK
>> allow_weak_crypto=true
>
> allow_weak_crypto is applicable in the [libdefaults] section, not
> [appdefaults]. Was your text quoted above a typo, or does it reflect your
> actual krb5.conf?
>
> -Ben Kaduk
>
Sorry...
Please, find a better view of a my client configuration below:
client% head -20 /etc/krb5.conf
[appdefaults]
# [dwm] necessary for DOC.IC.AC.UK
allow_weak_crypto=true
[libdefaults]
default_realm = DOC.IC.AC.UK
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# [dwm] necessary for DOC.IC.AC.UK
allow_weak_crypto=true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
All the best,
Giuseppe
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
