encryption types in krb5.conf

chandrakala chandu_ms at rediffmail.com
Wed Sep 27 14:55:57 EDT 2006


Hi,

I'm trying to enable use of des3-hmac-sha1 as one of the supported enctypes on a Linux machine.

kdc.conf on my Linux machine is as below:
master_key_type    = des-cbc-crc
supported_enctypes = des3-cbc-sha1:normal des-cbc-md5:normal des-cbc-crc:normal 

Created the database and restarted the kerberos services.

I followed the below steps to run my client/server program that uses this KDC:

1) Added principals client/hostname and server/hostname to the kerberos database

2) Listed these principals using getprinc; it showed 3 keys, each key indicating an encryption type as shown above.

3) Did a kinit client/hostname and kinit server/hostname from the client by specifying only des3-hmac-sha1 as the default_tgt/tgs_enctype in the client side krb5.conf.

4) klist -e displayed encryption key as DES3-CBC-SHA1 for both the client and the server. My client/server program worked fine.

But when I repeated the above steps with "des-cbc-crc des3-cbc-sha1" as the default_tgt/tgs_enctype in the client side krb5.conf, the client/server program failed with GSS Exception and with 
Cryptography key des3-cbc-sha1 not found.

On doing a klist -e it showed only DES-CBC-CRC.

Can someone please help me resolve this? What is the order in which the encryption types are picked up on the client side or on the KDC side? Thank you.

Regards,
Chandrakala
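
Added example, not part of the original post: a small Python check that reads the [libdefaults] enctype lists from a client krb5.conf and reports which enctype is ranked first, since MIT krb5 documents these lists as ordered from highest to lowest preference. It assumes the settings meant in the post are default_tkt_enctypes and default_tgs_enctypes; the two sample configs are constructed from the two cases described above.

```python
# Names MIT krb5 accepts for the same triple-DES enctype.
ALIASES = {"des3-hmac-sha1": "des3-cbc-sha1", "des3-cbc-sha1-kd": "des3-cbc-sha1"}
SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
KEYS = ("default_tkt_enctypes", "default_tgs_enctypes")  # assumed setting names

def libdefaults_enctypes(text):
    """Return {setting: [canonical enctype, ...]} from the [libdefaults] section."""
    section, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in KEYS:
                names = value.replace(",", " ").split()
                found[key] = [ALIASES.get(n.lower(), n.lower()) for n in names]
    return found

def audit(text):
    """Report the first-preference enctype and any single-DES-first ordering."""
    report = {}
    for key, order in libdefaults_enctypes(text).items():
        weak_first = (bool(order) and order[0] in SINGLE_DES
                      and any(e not in SINGLE_DES for e in order[1:]))
        report[key] = {"preferred": order[0] if order else None,
                       "single_des_ranked_first": weak_first}
    return report

# Constructed sample: the first case in the post (triple DES only).
DES3_ONLY = """[libdefaults]
    default_tkt_enctypes = des3-hmac-sha1
    default_tgs_enctypes = des3-hmac-sha1
"""
# Constructed sample: the second case in the post (single DES listed first).
DES_FIRST = """[libdefaults]
    default_tkt_enctypes = des-cbc-crc des3-cbc-sha1
    default_tgs_enctypes = des-cbc-crc des3-cbc-sha1
"""

if __name__ == "__main__":
    for name, conf in (("des3 only", DES3_ONLY), ("des first", DES_FIRST)):
        for key, result in audit(conf).items():
            print(name, key, result)
```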



   




