encryption types in krb5.conf

preetam R rpreetam2001 at yahoo.com
Thu Sep 28 00:21:38 EDT 2006 

Hi,

    This nice presentation on kerberos encryption
types from Will Fiveash should clear your doubts.

http://www.filibeto.org/~aduritz/truetrue/solaris10/krb_enctypes_so8.pdf

Preetam

--- chandrakala   <chandu_ms at rediffmail.com> wrote:

> Hi,
> 
> I 'm trying to enable use of des3-hmac-sha1 as one
> of the supported enctypes on a Linux machine.
> 
> kdc.conf on my Linux machine is as below:
> master_key_type    = des-cbc-crc
> supported_enctypes = des3-cbc-sha1:normal
> des-cbc-md5:normal des-cbc-crc:normal 
> 
> Created the database and restarted the kerberos
> services.
> 
> I followed the below steps to run my client/server
> program that uses this KDC:
> 
> 1) Added principals client/hostname and
> server/hostname to the kerberos database
> 
> 2)Listed these principals using getprinc, it showed
> 3 keys. Each key indicating an encryption type as
> shown above.
> 
> 3) Did a kinit client/hostname and kinit
> server/hostname from the client by specifying only
> des3-hmac-sha1 as the default_tgt/tgs_enctype in the
> client side krb5.conf.
> 
> 4) klist -e displayed encryption key as
> DES3-CBC-SHA1 for both the client and the server. My
> client/server program worked fine.
> 
> But when I repeated the above steps with
> "des-cbc-crc des3-cbc-sha1" as the
> default_tgt/tgs_enctype in the client side
> krb5.conf, the client/server program failed with GSS
> Exception and with 
> Cryptography key des3-cbc-sha1 not found.
> 
> On doing a klist -e it showed only DES-CBC-CRC.
> 
> Can someone please help me resolve this? What is the
> order in which the encryption types are picked up on
> both client side or on the KDC side? Thank You.
> 
> Regards,
> Chandrakala
> 
> 
> 
>    
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

More information about the Kerberos mailing list