Invalid key generation parameters from KDC while trying to change password.
Edgecombe, Jason
jwedgeco at uncc.edu
Wed Oct 23 15:22:39 EDT 2013
Hi Everyone,
Thanks to Ben Kaduk and others on IRC, I solved the problem. The problem was with my supported_enctypes line in kdc.conf. The newer version of Kerberos didn't like some of my enc_types. I got "kdb5_util create" to work on 1.11 with only DES types or removing the support_enctypes line entirely.
Along the way, I found that I have to change my AD cross-realm to use AES instead of rc4-hmac:normal before I can upgrade. :(
Thanks to everyone!
Jason
---------------------------------------------------------------------------
Jason Edgecombe | Linux and Solaris Administrator
UNC Charlotte | The William States Lee College of Engineering
9201 University City Blvd. | Charlotte, NC 28223-0001
Phone: 704-687-1943
jwedgeco at uncc.edu | http://engr.uncc.edu | Facebook
---------------------------------------------------------------------------
If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-1943. Thank you.
-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf Of Edgecombe, Jason
Sent: Wednesday, October 23, 2013 11:35 AM
To: 'Benjamin Kaduk'
Cc: 'kerberos at mit.edu'
Subject: RE: Invalid key generation parameters from KDC while trying to change password.
My kdc.conf is attached.
---------------------------------------------------------------------------
Jason Edgecombe | Linux and Solaris Administrator
UNC Charlotte | The William States Lee College of Engineering
9201 University City Blvd. | Charlotte, NC 28223-0001
Phone: 704-687-1943
jwedgeco at uncc.edu | http://engr.uncc.edu | Facebook
---------------------------------------------------------------------------
If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-1943. Thank you.
-----Original Message-----
From: Benjamin Kaduk [mailto:kaduk at MIT.EDU]
Sent: Wednesday, October 23, 2013 11:27 AM
To: Edgecombe, Jason
Cc: 'kerberos at mit.edu'
Subject: RE: Invalid key generation parameters from KDC while trying to change password.
On Wed, 23 Oct 2013, Edgecombe, Jason wrote:
> Hi everyone,
>
> I've been able to reproduce my problem on a test system and simplify the
> failure case. I can also reproduce the error when initializing the KDC
> database.
>
> When I run:
>
> kdb5_util create
>
> I get the following error after entering the password for the master key:
>
> kdb5_util: Invalid key generation parameters from KDC while creating principal kadmin/host.example.com at EXAMPLE.COM
>
> Does anyone have any suggestions on this?
Can you post your krb5.conf/kdc.conf?
-Ben Kaduk
More information about the Kerberos
mailing list