Solaris ssh pam_krb
Russ Allbery
rra at stanford.edu
Tue Mar 28 22:29:14 EST 2006
"Douglas E Engert" <deengert at anl.gov> writes:
>> 5 host/HOSTNAME.stanford.edu at stanford.edu (DES cbc mode with CRC-32)
> Realms are usually uppercase. Is this the correct principal?
Yes.
> How did you create this keytab file?
Using our normal keytab creation mechanism.
>> 4) /etc/krb5/krb5.conf is the standard one from campus and includes:
>> default_tgs_enctypes = des-cbc-crc
>> default_tkt_enctypes = des-cbc-crc
> You may want to take these last two likes out, as it might be forcing to
> only accept DES, even though the KDC and the client think it can do
> better.
That's the only thing that our KDC, right now, is going to be willing to
do. That's changing slowly, but not yet for host/* principals.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list