[39131] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: kadmin not working after server migration, but kdc works

daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Sep 20 16:01:00 2022

From: Russ Allbery <eagle@eyrie.org>
To: Wouter Verhelst <w@uter.be>
In-Reply-To: <Yyn8l/Qed7tgqZqU@pc220518.home.grep.be> (Wouter Verhelst's
 message of "Tue, 20 Sep 2022 19:47:03 +0200")
Date: Tue, 20 Sep 2022 12:56:51 -0700
Message-ID: <871qs5yg3g.fsf@hope.eyrie.org>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Wouter Verhelst <w@uter.be> writes:
> On Tue, Sep 20, 2022 at 11:43:40AM -0400, Greg Hudson wrote:

>> From experience, this probably means you have a single-DES enctype
>> listed in supported_enctypes and are using release 1.18.  (In 1.17 or
>> previous the enctype would be recognized; in 1.19 or later the library
>> would ignore the enctype rather than failing out.)  Remove the
>> single-DES enctype and kadmind should start working again.

> So, supported_enctypes is not even in the krb5.conf file; I assume that
> means it then reverts to defaults?

That's your krb5.conf, but the error message is about your kdc.conf
(/etc/krb5kdc/kdc.conf).  It has its own separate supported_enctypes
setting.

-- 
Russ Allbery (eagle@eyrie.org)             <https://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[39131] in Kerberos

Re: kadmin not working after server migration, but kdc works

daemon@ATHENA.MIT.EDU (Russ Allbery)Tue Sep 20 16:01:00 2022

daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Sep 20 16:01:00 2022