Updating encryption types
Jeffrey Altman
jaltman2 at nyc.rr.com
Wed Jul 6 19:19:27 EDT 2005
Phil Dibowitz wrote:
> On Tue, Jul 05, 2005 at 01:48:54PM -0700, Phil Dibowitz wrote:
>
>>from kadmin, great (though is that "no salt" supposed to be there?)!
>>
>>However, klist -e shows:
>>
>>[phil at frantic unstale]$ klist -e
>>Ticket cache: FILE:/tmp/krb5cc_36070
>>Default principal: phil at ISD.USC.EDU
>>
>>Valid starting Expires Service principal
>>07/05/05 13:36:31 07/05/05 23:36:31 krbtgt/ISD.USC.EDU at ISD.USC.EDU
>> Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32
>>[phil at frantic unstale]$
>>
>>and the logs show:
>>
>>Jul 05 13:36:31 frantic.usc.edu krb5kdc[26284](info): AS_REQ (3 etypes {23 16
>>1}) 128.125.10.120: ISSUE: authtime 1120595791, etypes {rep=23 tkt=1 ses=1},
>>phil at ISD.USC.EDU for krbtgt/ISD.USC.EDU at ISD.USC.EDU
>>
>>Neither the session key, nor my principal key seem to have been using the new
>>encryption... it's not clear to me why...
>
>
>
> Anyone?
What enctypes are configured for the service principal
krbtgt/ISD.USC.EDU at ISD.USC.EDU ?
--
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
More information about the Kerberos
mailing list