Solaris 9, stock sshd, pam_krb5, MIT 1.4.3 KDC

Ken Hornstein kenh at cmf.nrl.navy.mil
Tue May 16 20:47:09 EDT 2006


>And now, I cannot get kadmin.local to NOT make 3DES
>keys.  I have tried:
>
>1.  kdc_supported_enctypes = des-cbc-crc:normal
>2.  supported_enctypes = des-cbc-crc:normal
>3.  Both 1 and 2 at the same time
>4.  1, 2, and 3 after restarting everything
>5.  Checked and rechecked that I am editing the
>     only kdc.conf on my entire box (find ...)

Silly question time: exactly where do you think your kdc.conf is?
I found a bunch of times that people would mistakenly place it in /etc,
and the KDC would happily start up without reading it.  You could use
a system call tracer to make sure it's reading the right file.

>   kadmin.local:  ktadd -e des-cbc-crc host/noodle.foo.com
>   ktadd: Invalid argument while parsing keysalts de
>
>                                                  ^^ ????

You forgot to append the salt here (the ":normal" part).  Perhaps that
should be a default ... but it did tell you that the error was in parsing
the keysalt (I dunno why it picks the first few letters of the enctype
in that error message, but that's what it's doing).

--Ken
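
Added example, not part of the original message: one way to act on the system-call-tracer suggestion above is to capture a trace of krb5kdc starting up and list every kdc.conf it tried to open. The function names and the trace lines are constructed for illustration, and the /usr/local/var/krb5kdc path assumes MIT's default build prefix.

```shell
#!/bin/sh
# Capture a trace first, for example on Solaris:
#   truss -f -t open,open64 -o kdc.trace krb5kdc
# (-f follows the child, since krb5kdc forks into the background).

# Print "READ <path>" or "FAILED <path>" for each open of a file named kdc.conf.
# Understands truss lines ("Err#2 ENOENT") and strace lines ("= -1 ENOENT").
kdc_conf_opens() {
    awk '
        /open(at|64)?\(/ && /\/kdc\.conf"/ {
            n = split($0, q, "\"")      # q[2] holds the quoted path
            if (n < 3) next
            status = ($0 ~ /Err#[0-9]+|= -1 /) ? "FAILED" : "READ"
            print status, q[2]
        }
    ' "$1"
}

# Succeed only if the file being edited is one the KDC actually opened.
# usage: kdc_reads_file TRACE_FILE /path/to/kdc.conf
kdc_reads_file() {
    kdc_conf_opens "$1" | grep -Fqx "READ $2"
}

# Constructed sample (truss -f style): the KDC looks in its compiled-in
# location, finds nothing, and starts anyway. /etc/kdc.conf is never opened.
sample_trace() {
    cat <<'EOF'
2114:   open("/usr/local/var/krb5kdc/kdc.conf", O_RDONLY) Err#2 ENOENT
2114:   open("/etc/krb5.conf", O_RDONLY) = 3
EOF
}

# With a trace file as argument, report what was found in it.
[ "$#" -eq 0 ] || kdc_conf_opens "$1"
```

If the file you are editing never shows up as READ, the supported_enctypes settings in it cannot have any effect on the keys kadmin.local creates.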


