Enctype Negotiation Problem

John Hascall john at iastate.edu
Wed Oct 11 19:06:08 EDT 2006


> Except the issue here is he's getting a DES_CBC_MD4 session key when he 
> wants DES_CBC_CRC.  The "why" is likely in the code you're quoting - 
> DES_CBC_MD4 is a "better" enctype, and both sides appear to support it 
> (since the single-des types are interchangeable).

> I'd be curious to know how the resulting ticket is not "useful"; that is, 
> what application is being used and what error results when attempting to 
> use that ticket.

Here is the error reported by the user:

$ telnet -fax cerberus.ait.iastate.edu
Encryption is verbose
Trying 129.186.145.115...
Connected to cerberus.ait.iastate.edu.
Escape character is '^]'.
[ Trying mutual KERBEROS5 (host/cerberus.ait.iastate.edu at IASTATE.EDU)... ]
[ Kerberos V5 refuses authentication because telnetd:
  krb5_rd_req failed: Encryption type not permitted ]
[ Trying KERBEROS5 (host/cerberus.ait.iastate.edu at IASTATE.EDU)... ]
[ Kerberos V5 refuses authentication because telnetd:
  krb5_rd_req failed: Encryption type not permitted ]


John


