problem with pam_krb5 4.2-1
Rohit Kumar Mehta
rohitm at engr.uconn.edu
Fri May 14 18:33:08 EDT 2010
No the KDCs do not have that option set. I did set it on the one client
(which I upgraded to the latest Ubuntu)
I think the best (and most secure) practice would be to regenerate all
the keytabs and the trust, so I'll tackle it next week.
Thanks for your help!
Rohit
Russ Allbery wrote:
> Rohit Kumar Mehta <rohitm at engr.uconn.edu> writes:
>
>
>> Thanks for your help Russ. My keys are indeed only plain DES keys, but
>> I also have allow_weak_crypto set to true. (We're using Kerberized NFS
>> in Linux which I think at this point requires weak crypto)
>>
>
> Is allow_weak_crypto also set on the KDCs involved?
>
>
>> So I guess I will have to generate new keytabs and recreate the trust,
>> and that problem should go away?
>>
>
> You should not need to do any of that if allow_weak_crypto is set.
>
>
--
Rohit Mehta
Computer Engineer
University of Connecticut
Engineering Computing Services
371 Fairfield Road Unit 2031
Storrs, CT 06269-2031
Office: (860) 486 - 2331
Fax: (860) 486 - 1273
More information about the Kerberos
mailing list