Problem to get TGT by des-cbc-md5 encrytype from Krb5-1.5.4 KDC on suse 10.
Leo Li
liyilei1979 at gmail.com
Wed Oct 31 01:37:05 EDT 2007
Hi, all
I have a problem to get TGT while des-cbc-md5 enctypes from MIT
Krb5-1.5.4 KDC installed on suse 10.
Here is the kdc.conf:
[kdcdefaults]
kdc_ports = 88
[realms]
EXAMPLE.COM <http://example.com/> = {
database_name = /usr/local/var/krb5kdc/principal
admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab
acl_file = /usr/local/var/krb5kdc/kadm5.acl
kdc_ports = 88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
supported_enctypes = des3-hmac-sha1:normal
arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal
des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
And the krb5.conf has :
[libdefaults]
default_realm = EXAMPLE.COM <http://example.com/>
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
default_tkt_enctypes = des-cbc-md5
[realms]
EXAMPLE.COM <http://example.com/> = {
kdc = leo-suse.cn.ibm.com:88
admin_server = leo-suse.cn.ibm.com:749
default_domain = leo-suse.cn.ibm.com
}
[domain_realm]
.leo-suse.cn.ibm.com = EXAMPLE.COM <http://example.com/>
leo-suse.cn.ibm.com = EXAMPLE.COM <http://example.com/>
And then if I run
kinit test at EXAMPLE.COM
It complains:
kinit(v5): KDC has no support for encryption type while getting
initial credentials
I also have added the des-cbc-md5 enctype as a keytab for test at EXAMPLE.COMby:
kadmin.local: addprinc -e "des-cbc-md5:normal" test at EXAMPLE.COM
And the getprinc also shows:
kadmin.local: getprinc test at EXAMPLE.COM
...
Number of keys: 1
Key: vno 1, DES cbc mode with RSA-MD5, no salt
Attributes:
Policy: [none]
Besides, seems other encryption types are all supported, for example, the
des-cbc-md4.
So could somebody help to spot what is the problem?
Thanks in advance.
--
Leo Li
China Software Development Lab, IBM
More information about the Kerberos
mailing list