Why does changing supported_enctypes not work?

John Hascall john at iastate.edu
Wed Oct 8 08:39:13 EDT 2003

The instructions for our VPN server say to
add des-cbc-md5:normal des-cbc-md5:norealm des-cbc-md5:onlyrealm
to the supported_enctypes line in our realm in our krb5.conf
file, then restart the daemons and change a principal's password
and then that principal should have the proper
"DES cbc mode with RSA-MD5, Version 5" key that the VPN needs.

But when I do this, getprinc still just shows:
Number of keys: 1                                                               
Key: vno 165, DES cbc mode with CRC-32, Version 4                               

I don't see any errors in the kdc.log or kad.log

Any ideas?

PS, this is krb5-1.2.6 (with patches) on NetBSD if that matters

More information about the Kerberos mailing list