Solaris ssh pam_krb
Russ Allbery
rra at stanford.edu
Wed Mar 29 00:09:05 EST 2006
Nicolas Williams <Nicolas.Williams at sun.com> writes:
> Just because your principals only have 1DES long-term keys doesn't mean
> that you need to set default_tgs_enctypes/default_tkt_enctypes; in fact,
> you shouldn't.
Oh, I agree! I'm just saying that it's not going to help to change that.
> Besides this you're almost certainly running into:
> 6320871 kinit fails if default_tkt_enctypes = des-cbc-crc but princ has des-cbc-md5 and preauth required
No, we're almost certainly not. :) Believe me, none of our principals
have any des-cbc-md5 keys and never will.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list