netapp, nfs, kerberos, and ldap
Jeffrey Altman
jaltman2 at nyc.rr.com
Thu Apr 7 16:40:08 EDT 2005
user wrote:
> I found out when the keytabs were created DES only
> for the services. Also in the krb5.conf, we have
>
> [libdefaults]
> ticket_lifetime = 600
> default_realm = EXAMPLE.COM
> default_tkt_enctypes = des-cbc-crc
> default_tgs_enctypes = des-cbc-crc
>
> it seemed to help
>
>
There is no reason to restrict your entire realm to using
weak DES based crypto simply because your filer does not support
anything but DES. Remove the two enctype lines from your krb5.conf
and simply restrict the enctypes on the service principal used
for the filer to des-cbc-crc.
Jeffrey Altman
--
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
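
The krb5.conf half of the advice in this message can be checked mechanically. The following is an added example, not part of the original post or of any Kerberos distribution: a small Python audit that flags `[libdefaults]` enctype settings pinned to single-DES only and returns the file with those lines removed. The function name, the list of weak enctype names, and the `[realms]` stanza in the sample are assumptions made for illustration; restricting the filer's service principal on the KDC is not covered here.

```python
import re

# Single-DES enctype names (assumed list for this example).
WEAK = {"des", "des-cbc-crc", "des-cbc-md5", "des-cbc-md4"}
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"}

# [libdefaults] is the one quoted in the message; [realms] is constructed.
SAMPLE = """\
[libdefaults]
 ticket_lifetime = 600
 default_realm = EXAMPLE.COM
 default_tkt_enctypes = des-cbc-crc
 default_tgs_enctypes = des-cbc-crc

[realms]
 EXAMPLE.COM = {
  kdc = kdc.example.com
 }
"""

def audit_krb5_conf(text):
    """Return (findings, cleaned_text) for realm-wide DES-only pins in [libdefaults]."""
    findings, kept, section = [], [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        header = re.fullmatch(r"\[(\w+)\]", stripped)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in stripped and not stripped.startswith(("#", ";")):
            key, value = (part.strip() for part in stripped.split("=", 1))
            enctypes = re.split(r"[,\s]+", value.lower())
            # Flag only when every listed enctype is weak: that forces DES on all clients.
            if key in ENCTYPE_KEYS and all(e in WEAK for e in enctypes):
                findings.append((lineno, key, value))
                continue  # drop the line so the library defaults apply again
        kept.append(line)
    return findings, "\n".join(kept) + "\n"

if __name__ == "__main__":
    found, cleaned = audit_krb5_conf(SAMPLE)
    for lineno, key, value in found:
        print(f"line {lineno}: {key} = {value} restricts every client to weak DES")
    print(cleaned)
```

A setting that lists a stronger enctype alongside DES is left alone, since it does not force DES for the whole realm.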