Kerberos V5 refuses authentication because Kerberos checksum?verification failed: Bad encryption type

Victor Sudakov vas at mpeks.no-spam-here.tomsk.su
Fri Feb 15 00:43:13 EST 2008


Steven Miller wrote:
> > 
> > What could be the reason that I cannot telnet from
> > FreeBSD to Solaris 10
> > with the following error:
> > 
> > Connected to oracle.sibptus.tomsk.ru.
> > Escape character is '^]'.
> > [ Trying mutual KERBEROS5
> > (host/oracle.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU)... ]
> > [ Kerberos V5 refuses authentication because
> > Kerberos checksum verification failed: Bad
> > encryption type ]
> > [ Trying KERBEROS5
> > (host/oracle.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU)... ]
> > [ Kerberos V5 refuses authentication because
> > Kerberos checksum verification failed: Bad
> > encryption type ]
> > Password:
> I believe that solaris (as as solaris 9) only supports
> des-cbc-crc encrypion. 

Actually, there *is* a des-cbc-crc key in the keytab, why wouldn't it just 
use it?

# klist -e -k /etc/krb5/krb5.keytab
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- -----------------------------------------------------------------------
   1 host/oracle.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU (DES cbc mode with CRC-32)
   1 host/oracle.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU (etype 2)
   1 host/oracle.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU (DES cbc mode with RSA-MD5)
   1 host/oracle.sibptus.tomsk.ru at SIBPTUS.TOMSK.RU (Triple DES cbc mode with HMAC/sha1)
#



-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/



More information about the Kerberos mailing list