[36795] in Kerberos
Re: ksu problem with "Version: 1.12+dfsg-2ubuntu5.1"
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Tue Feb 17 17:51:58 2015
Date: Tue, 17 Feb 2015 17:51:39 -0500 (EST)
From: Benjamin Kaduk <kaduk@mit.edu>
To: Giuseppe Mazza <g.mazza@imperial.ac.uk>
In-Reply-To: <54E39918.3090404@imperial.ac.uk>
Message-ID: <alpine.GSO.1.10.1502171749040.3953@multics.mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Tue, 17 Feb 2015, Giuseppe Mazza wrote:
> On 17/02/15 17:36, Benjamin Kaduk wrote:
> > On Tue, 17 Feb 2015, Giuseppe Mazza wrote:
>
>
> client% head -20 /etc/krb5.conf
> [appdefaults]
> # [dwm] necessary for DOC.IC.AC.UK
> allow_weak_crypto=true
>
> [libdefaults]
> default_realm = DOC.IC.AC.UK
>
> # The following krb5.conf variables are only for MIT Kerberos.
> krb4_config = /etc/krb.conf
> krb4_realms = /etc/krb.realms
> kdc_timesync = 1
> ccache_type = 4
> forwardable = true
> proxiable = true
>
> # [dwm] necessary for DOC.IC.AC.UK
> allow_weak_crypto=true
>
> # The following encryption type specification will be used by MIT Kerberos
> # if uncommented. In general, the defaults in the MIT Kerberos code are
Are any of the encryption type specifications in the following lines of
the file uncommented?
I don't think we've heard any other reports of this sort of issue with
ksu, and I don't think that its code does anything special that would fail
to respect allow_weak_crypto, so I am rather puzzled at the behavior you
are seeing.
Also, you say you are upgrading to Ubuntu 14.04 with krb5
1.12+dfsg-2ubuntu5.1, but what version were you upgrading from? The krb5
1.10+dfsg~beta1-2ubuntu0.6 in Ubuntu 12.04?
-Ben
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
