Solaris 9, stock sshd, pam_krb5, MIT 1.4.3 KDC
Jeff Blaine
jblaine at kickflop.net
Tue May 16 15:10:04 EDT 2006
Nicolas Williams wrote:
> On Tue, May 16, 2006 at 02:23:16PM -0400, Jeff Blaine wrote:
>> "authentication failed: Bad encryption type"
>>
>> bash-2.05# /export/home/krb5/sbin/ktutil
>> ktutil: rkt /etc/krb5.keytab
>> ktutil: list
>> slot KVNO Principal
>> ---- ----
>> ---------------------------------------------------------------------
>> 1 4 host/192.168.168.3 at JBTEST
>> 2 4 host/192.168.168.3 at JBTEST
>> 3 4 host/noodle.foo.com at JBTEST
>> 4 4 host/noodle.foo.com at JBTEST
>>
>> ====================================================================
>
> What does "klist -ke /etc/krb5/krb5.keytab" say?
bash-2.05# /export/home/krb5/bin/klist -ke /etc/krb5/krb5.keytab
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
4 host/192.168.168.3 at JBTEST (Triple DES cbc mode with HMAC/sha1)
4 host/192.168.168.3 at JBTEST (DES cbc mode with CRC-32)
4 host/noodle.foo.com at JBTEST (Triple DES cbc mode with HMAC/sha1)
4 host/noodle.foo.com at JBTEST (DES cbc mode with CRC-32)
3 cvs/192.168.168.3 at JBTEST (Triple DES cbc mode with HMAC/sha1)
3 cvs/192.168.168.3 at JBTEST (DES cbc mode with CRC-32)
3 cvs/noodle.foo.com at JBTEST (Triple DES cbc mode with HMAC/sha1)
3 cvs/noodle.foo.com at JBTEST (DES cbc mode with CRC-32)
bash-2.05#
> It's possible that your host principal has keys of enctypes other than
> des-cbc-crc or des-cbc-md5 -- since those are the only enctypes that
> Solaris 9 supports this would be a misconfiguration.
>
> Nico
More information about the Kerberos
mailing list