Bad encryption type from gss-server

carcassone_fr@yahoo.com carcassone_fr at yahoo.com
Tue Jul 9 16:56:07 EDT 2002


I have KDC installed on a Solaris machine and running gss-server.  I
have gss-client running on either Solaris/HP without any problems.

I build and run gss-server on HP and first I got the error "No such
file or directory".  So I copied /etc/krb5.keytab from the Solaris
machine to /etc on the HP.  Now I run into the next error from
gss-server:

GSS-API error accepting context: Miscellaneous failure
GSS-API error accepting context: Bad encryption type

I did some digging around and readup on the infamous "support_desmd5"
switch.  So on the Solaris machine, I used kadmin.local and:
kadmin.local:  modprinc -support_desmd5 krbtgt/MYREALM.COM at MYREALM.COM
kadmin.local:  getprinc krbtgt/MYREALM.COM at MYREALM.COM
Principal: krbtgt/MYREALM.COM at MYREALM.COM
Expiration date: [never]
Last password change: [never]
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 0 days 00:00:00
Last modified: Tue Jul 09 10:57:45 PDT 2002 (root/admin at MYREALM.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]

I kdestroy everything on the client, and run gss-client again and
still got the
error "Bad Encryption Type".

> klist -e
Ticket cache: /tmp/krb5cc_108
Default principal: joe at MYREALM.COM

Valid starting     Expires            Service principal
07/09/02 13:10:59  07/09/02 23:10:59  krbtgt/MYREALM.COM at MYREALM.COM
        Etype (skey, tkt): DES cbc mode with CRC-32, etype 16
07/09/02 13:11:51  07/09/02 23:10:59 
test/host1.myrealm.com at MYREALM.COM
        Etype (skey, tkt): DES cbc mode with CRC-32, etype 16


# klist -k -e -t
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- -----------------
--------------------------------------------------------   2 07/09/02
13:11:14 test/host1.myrealm.com at MYREALM.COM (DES cbc mode with CRC-32)
   2 07/09/02 13:11:14 test/host1.myrealm.com at MYREALM.COM (etype 16)

/etc/krb5.conf:
[libdefaults]
        ticket_lifetime = 600
        default_realm = MYREALM.COM
        default_tkt_enctypes = des-cbc-crc
        default_tgs_enctypes = des-cbc-crc

The gss-server/gss-client was from the 1.2.3 branch.

So why do I get this "Bad encryption type" error when running the
gss-server from HP and not from Solaris?



More information about the Kerberos mailing list