problem with pam_krb5 4.2-1

Russ Allbery rra at stanford.edu
Fri May 14 12:31:52 EDT 2010


Rohit Kumar Mehta <rohitm at engr.uconn.edu> writes:

> Thanks for your help Russ.  My keys are indeed only plain DES keys, but
> I also have allow_weak_crypto set to true.  (We're using Kerberized NFS
> in Linux which I think at this point requires weak crypto)

Is allow_weak_crypto also set on the KDCs involved?

> So I guess I will have to generate new keytabs and recreate the trust,
> and that problem should go away?

You should not need to do any of that if allow_weak_crypto is set.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list