principal: Invalid argument while creating "foo@FOO".
Tom Yu
tlyu at MIT.EDU
Mon Dec 28 22:17:19 EST 2009
Jeff Blaine <jblaine at kickflop.net> writes:
> On 12/28/2009 9:41 PM, Tom Yu wrote:
>> Jeff Blaine<jblaine at kickflop.net> writes:
>>
>>> No, that works fine.
>>
>> When running kadmin remotely, does "addprinc" without "-randkey"
>> succeed?
>
> Yup.
This is probably a known bug, #6074. It was fixed in krb5-1.7, but
not back-ported to 1.6.x. Basically, krb5-1.7 causes the RC4
string-to-key to perform a proper UTF-8 conversion, and the "dummy"
password that kadmin uses for performing the "addprinc -randkey"
operation contains octet sequences that are not valid UTF-8. It's
kind of an impedance mismatch between krb5-1.7 and earlier kadmin
clients. Do you have RC4 ("arcfour-hmac-md5", etc.) configured in
your "supported_enctypes" on that KDC?
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6074&user=guest&pass=guest
More information about the Kerberos
mailing list