Kerberos troubles

Jean-Yves Avenard jyavenard at gmail.com
Tue Sep 21 15:48:37 EDT 2010


On 22 September 2010 05:28, Christopher D. Clausen <cclausen at acm.org> wrote:

> I'm guessing you need to enable single DES encryption types on the KDCs, the
> web server and the clients.
>
> You should look into the allow_weak_crypto = true in the [libdefaults]
> section of krb5.conf

Will surely try.

The principal was created using:
ank -pw password -e rc4-hmac:normal host/minimepc.m.domain.com

For all account it seemed to work properly, by that I mean I see no
authentication error in the kdc logs.

I did see:

Sep 22 05:43:06 m.domain.com krb5kdc[68](info): AS_REQ (7 etypes {18
17 16 23 1 3 2}) 60.242.X.X: NEEDED_PREAUTH:
jeanyves_avenard at M.DOMAIN.COM for krbtgt/M.DOMAIN.COM at M.DOMAIN.COM,
Additional pre-authentication required

followed by proper authentication after
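
Added example, not part of the original post: a small Python parser for the `AS_REQ` line quoted above that turns the etype numbers the client offered into names and picks out the single-DES ones the reply refers to. The function name `parse_kdc_request` and the regular expression are illustrative assumptions; the sample line is the one from this message with its wrapped lines joined.

```python
import re

# Kerberos encryption type numbers as assigned in the Kerberos specifications.
ETYPES = {
    1: "des-cbc-crc",
    2: "des-cbc-md4",
    3: "des-cbc-md5",
    16: "des3-cbc-sha1",
    17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96",
    23: "rc4-hmac",
}
# Single-DES types, which MIT krb5 only uses when allow_weak_crypto = true.
SINGLE_DES = {1, 2, 3}

# Assumed layout, taken from the one log line shown in the post.
REQ_RE = re.compile(
    r"(?P<req>AS_REQ|TGS_REQ) \(\d+ etypes \{(?P<etypes>[\d\s]+)\}\)"
    r" (?P<client>\S+): (?P<status>[A-Z_]+):"
)

def parse_kdc_request(line):
    """Return request type, client, status and decoded etypes, or None."""
    line = " ".join(line.split())  # undo mail-client line wrapping
    m = REQ_RE.search(line)
    if m is None:
        return None
    offered = [int(n) for n in m.group("etypes").split()]
    return {
        "request": m.group("req"),
        "client": m.group("client"),
        "status": m.group("status"),
        "etypes": offered,
        "names": [ETYPES.get(n, f"unknown({n})") for n in offered],
        "weak": [ETYPES[n] for n in offered if n in SINGLE_DES],
    }

# Log line from the post, wrapped lines rejoined.
SAMPLE = """Sep 22 05:43:06 m.domain.com krb5kdc[68](info): AS_REQ (7 etypes {18
17 16 23 1 3 2}) 60.242.X.X: NEEDED_PREAUTH:
jeanyves_avenard at M.DOMAIN.COM for krbtgt/M.DOMAIN.COM at M.DOMAIN.COM,
Additional pre-authentication required"""

if __name__ == "__main__":
    info = parse_kdc_request(SAMPLE)
    print(info["request"], info["status"], info["names"])
    print("single-DES offered:", info["weak"])
```

The etype list is in the order the client sent it, so AES-256 (18) comes first here and the three single-DES types come last.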


