MIT-Heimdal interop issues
Donn Cave
donn at drizzle.com
Wed Mar 24 00:55:56 EST 2004
Quoth digant at uta.edu (Digant Kasundra):
| Well, for some reason, I'm not getting good results. getting a ticket with
| kinit on the heimdal side works great if I specify a password. But when
| using a keytab, it will only work if I tell it manually what encryption type
| to use, even though ktutil identifies the enc type correctly when listing
| the keys in that keytab.
|
| I think this is the major contributor to my gssapi bind failing on openldap.
The way I remember it, Heimdal looks for different keywords in the
/etc/krb5.conf configuration file. I forget which is whose, but ours
now looks like
[libdefaults]
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
default_etypes = des-cbc-crc
default_etypes_des = des-cbc-crc
and a couple of those could be there in case a Heimdal client shows up.
Donn Cave, donn at u.washington.edu
More information about the Kerberos
mailing list