davedartt at gmail.com
Mon Dec 9 11:24:15 EST 2013
I am trying to use IBM Client Access on my Kubuntu (debian). I have
successfully authenticated against our KDC and received my TGT. The
KDC server is using all the newest and latest protocols but the
iSeries is still using the old DES-CBC-MD5 encryption. I have no
control over this aspect so I was wondering is there a way to force my
system to allow the usage of this old encryption type? so that I can
use my kerberos ticket to authenticate my IBM Client Access and be
able to comply with my companies move to a SSO system.
KDC server log entry concerning my ticket denial...
12/09/2013 08:25:45 AM
> Message=While processing a TGS request for the target server krbsvr400/
> iseries.mycompany.com, the account ddartt at MYCOMPANY.COM did not have a
> suitable key for generating a Kerberos ticket (the missing key has an ID
> of 8). The requested etypes were 18 17 16 23. The accounts available
> etypes were 23 -133 -128 3 1. Changing or resetting the password of host_1
> _krbsvr400 will generate a proper key.
More information about the Kerberos