CANT_FIND_CLIENT_KEY

Matt Zagrabelny mzagrabe at d.umn.edu
Tue Mar 30 17:56:11 EDT 2010


On Tue, 2010-03-30 at 14:46 -0700, Russ Allbery wrote:
> Matt Zagrabelny <mzagrabe at d.umn.edu> writes:
> 
> > Thanks for the quick help, Russ. Still the same problem, though.
> 
> > # grep -B1 allow_weak_crypto /etc/krb5.conf
> > [libdefaults]
> >     allow_weak_crypto = true
> 
> > # /etc/init.d/krb5-kdc restart
> 
> > % telnet blah...
> 
> > AS_REQ (1 etypes {1}) 10.25.1.14: CANT_FIND_CLIENT_KEY:
> > mzagrabe at D.UMN.EDU for krbtgt/D.UMN.EDU at D.UMN.EDU, KDC has no support
> > for encryption type
> 
> > Any other ideas?
> 
> You need it on the client in addition to the server.

Good to know. :)

Unfortunately, the client is a Cisco Catalyst 3750. :/

workstation% telnet.netkit switch3750
Trying 10.25.1.14...
'autologin': unknown argument ('toggle ?' for help).
Connected to switch3750.d.umn.edu.
Escape character is '^]'.


User Access Verification

Username: mzagrabe
Password: 

% Authentication failed



switch3750 has a "pam-krb5-like" authentication mechanism for its telnet
daemon.

So, I am _not_ trying kerberized telnet right now, just trying to get
the switch to play nicely in my realm.

If typing usernames and passwords into switching gear was more fun I
would be less determined to get this working. Having said that, any
other ideas?

Thanks,

-- 
Matt Zagrabelny - mzagrabe at d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 4096R/42A00942 2009-12-16
Fingerprint: 5814 2CCE 2383 2991 83FF  C899 07E2 BFA8 42A0 0942

He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20100330/70628197/attachment.bin


More information about the Kerberos mailing list