service principals in AD fro unix kerberos clients

Ryan Odgers odgersr at out.co.za
Thu Jan 29 08:37:54 EST 2004


I created them with ktpass using the defaults of which DES-CBC-CRC should be
the default. I also tried switching my server to use MD5 type encryption and
using the -crytpo switch in ktpass I created MD5 service types.

when creating the host service principal, do I need to use the -ptype switch
for anything?
Does the telnet service uses the host service principal? or do I need a
seperate telnet service principal in the KDC?


When I do a klist an 2000 workstation, it looks like the krbtgt ticket is
using RC4-HMAC encryption. How can I confirm the encryption types for these
two entities?

Thanks again.
"Jeffrey Altman" <jaltman2 at nyc.rr.com> wrote in message
news:401900C4.7010203 at nyc.rr.com...
> What are the service principal and session key keytypes for the
> host/unixhost.domain at DOMAIN ticket?
>
> If they are not  DES-CBC-CRC  then you will not be able to
> negotiate DES encryption in Telnet protocol.
>
>
>
> Ryan Odgers wrote:
> > I get the following error when trying to connect with kermit telnet:
> > key size is not compatible with encryption type
> >
> > I have set the UNIX kerberos client to use DES-CBC-CRC encryption.
> > If I look in the Leash ticket manger, after trying to connect to from
kermit
> > to the UNIX host, I have the krbtgt ticket from the AD, as well as the
> > host/unixhost.domain at DOMAIN ticket.
> > Version of kerberos on UNIX is HP's version of Kerberos which comes with
> > 11.11




More information about the Kerberos mailing list