problem with pam_krb5 4.2-1

Rohit Kumar Mehta rohitm at engr.uconn.edu
Fri May 14 18:33:08 EDT 2010


No the KDCs do not have that option set.  I did set it on the one client 
(which I upgraded to the latest Ubuntu)

I think the best (and most secure) practice would be to regenerate all 
the keytabs and the trust, so I'll tackle it next week.

Thanks for your help!

Rohit

Russ Allbery wrote:
> Rohit Kumar Mehta <rohitm at engr.uconn.edu> writes:
>
>   
>> Thanks for your help Russ.  My keys are indeed only plain DES keys, but
>> I also have allow_weak_crypto set to true.  (We're using Kerberized NFS
>> in Linux which I think at this point requires weak crypto)
>>     
>
> Is allow_weak_crypto also set on the KDCs involved?
>
>   
>> So I guess I will have to generate new keytabs and recreate the trust,
>> and that problem should go away?
>>     
>
> You should not need to do any of that if allow_weak_crypto is set.
>
>   


-- 
Rohit Mehta
Computer Engineer
University of Connecticut
Engineering Computing Services
371 Fairfield Road Unit 2031
Storrs, CT 06269-2031

Office: (860) 486 - 2331
Fax: (860) 486 - 1273





More information about the Kerberos mailing list