Problem authenticating against Windows 2000...

Daniel Seagraves dseagrav at sakura.lunar-tokyo.net
Thu Sep 16 15:42:39 EDT 2004


I'm attempting to get Debian to authenticate users against a Windows 2000
Active Directory via krb5... Documentation for this is a bit
contradictory. In any event, I have it working as far as kinit is
concerned - I can give "kinit (username)" and authenticate any user I know
the password for, and "kinit -k" works to obtain a host ticket. My problem
is in PAM but may not be relevant to PAM - When pam_krb5 attempts to
authenticate a user it gives the following:

verify_krb_v5_tgt(): krb5_mk_req(): No credentials found with supported encryption types

The only authentication types supported by Windows (according to
Microsoft) are des-cbc-md5 and des-cbc-crc; both of those are listed in
default_tgt_enctypes and default_tgs_enctypes in krb5.conf. I got
references to a des-cbc-md4 as well - MS says nothing about it, but I put
it in both lists anyway, and it doesn't help. Is there some other place
where I am supposed to be putting the encryption types to use?


