Encryption type troubles
Martin B. Smith
smithmb at ufl.edu
Fri Sep 14 14:16:37 EDT 2012
On 09/14/2012 01:53 PM, Greg Hudson wrote:
> A BAD_ENCRYPTION_TYPE error means the server couldn't pick a session
> key, meaning there was no commonality between the requested enctypes and
> the server principal entry's key types (or that all of the common
> entries aren't permitted, but that's not an issue in your scenario). So
> it's the server's principal entry--in this case, krbtgt/REALMNAME--which
> is the problem, not the client's.
Thanks Greg and Marcus. It was exactly as you pointed out. Are there any
side effects of rekeying krbtgt at REALMNAME? I'm guessing any existing
TGTs are invalidated, but I haven't reasoned out any other problems that
might occur.
I'm working on a migration of encryption types, and I was trying to
identify why one of the etypes was single DES still. Now I see much
better etypes for tkt, in addition to rep and ses in the KDC logs :).
Thanks for the help!
--
Martin B. Smith, Systems Administrator
smithmb at ufl.edu - (352) 273-1329
UF Information Technology, CNS/Open Systems Group
University of Florida
More information about the Kerberos
mailing list