Why does changing supported_enctypes not work?
john at iastate.edu
Wed Oct 8 08:39:13 EDT 2003
The instructions for our VPN server say to
add des-cbc-md5:normal des-cbc-md5:norealm des-cbc-md5:onlyrealm
to the supported_enctypes line in our realm in our krb5.conf
file, then restart the daemons and change a principal's password
and then that principal should have the proper
"DES cbc mode with RSA-MD5, Version 5" key that the VPN needs.
But when I do this, getprinc still just shows:
Number of keys: 1
Key: vno 165, DES cbc mode with CRC-32, Version 4
I don't see any errors in the kdc.log or kad.log
PS, this is krb5-1.2.6 (with patches) on NetBSD if that matters
More information about the Kerberos