CANT_FIND_CLIENT_KEY
Matt Zagrabelny
mzagrabe at d.umn.edu
Tue Mar 30 17:56:11 EDT 2010
On Tue, 2010-03-30 at 14:46 -0700, Russ Allbery wrote:
> Matt Zagrabelny <mzagrabe at d.umn.edu> writes:
>
> > Thanks for the quick help, Russ. Still the same problem, though.
>
> > # grep -B1 allow_weak_crypto /etc/krb5.conf
> > [libdefaults]
> > allow_weak_crypto = true
>
> > # /etc/init.d/krb5-kdc restart
>
> > % telnet blah...
>
> > AS_REQ (1 etypes {1}) 10.25.1.14: CANT_FIND_CLIENT_KEY:
> > mzagrabe at D.UMN.EDU for krbtgt/D.UMN.EDU at D.UMN.EDU, KDC has no support
> > for encryption type
>
> > Any other ideas?
>
> You need it on the client in addition to the server.
Good to know. :)
Unfortunately, the client is a Cisco Catalyst 3750. :/
workstation% telnet.netkit switch3750
Trying 10.25.1.14...
'autologin': unknown argument ('toggle ?' for help).
Connected to switch3750.d.umn.edu.
Escape character is '^]'.
User Access Verification
Username: mzagrabe
Password:
% Authentication failed
switch3750 has a "pam-krb5-like" authentication mechanism for its telnet
daemon.
So, I am _not_ trying kerberized telnet right now, just trying to get
the switch to play nicely in my realm.
If typing usernames and passwords into switching gear was more fun I
would be less determined to get this working. Having said that, any
other ideas?
Thanks,
--
Matt Zagrabelny - mzagrabe at d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 4096R/42A00942 2009-12-16
Fingerprint: 5814 2CCE 2383 2991 83FF C899 07E2 BFA8 42A0 0942
He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20100330/70628197/attachment.bin
More information about the Kerberos
mailing list