Kerberos troubles
Jean-Yves Avenard
jyavenard at gmail.com
Tue Sep 21 15:48:37 EDT 2010
On 22 September 2010 05:28, Christopher D. Clausen <cclausen at acm.org> wrote:
> I'm guessing you need to enable single DES encryption types on the KDCs, the
> web server and the clients.
>
> You should look into the allow_weak_crypto = true in the [libdefaults]
> section of krb5.conf
Will surely try.
The principal was created using:
ank -pw password -e rc4-hmac:normal host/minimepc.m.domain.com
For all account it seemed to work properly, by that I mean I see no
authentication error in the kdc logs.
I did see:
Sep 22 05:43:06 m.domain.com krb5kdc[68](info): AS_REQ (7 etypes {18
17 16 23 1 3 2}) 60.242.X.X: NEEDED_PREAUTH:
jeanyves_avenard at M.DOMAIN.COM for krbtgt/M.DOMAIN.COM at M.DOMAIN.COM,
Additional pre-authentication required
followed by proper authentication after
More information about the Kerberos
mailing list