KDC has no support for encryption type
Robert Wehn
robert.wehn at rz.uni-augsburg.de
Fri Aug 1 08:21:22 EDT 2014
Hi Prashant
Am 01.08.2014 11:31, schrieb vijaydpr:
> I'm trying to setup a SSO between a Linux server and a Windows 2008 AD
> server.
> Kinit happens successfully for us , please check the kinit logs below
>
> orsapbisbx01:sbqadm 60> kinit -V -k SBQADM/
> orsapbisbx01.radisys.com at RADISYS.COM
> Using default cache: /tmp/krb5cc_500
> Using principal: SBQADM/orsapbisbx01.radisys.com at RADISYS.COM
> Authenticated to Kerberos v5
>
> Klist lists us the correct kerberos TGT, But the KVNO test fails
>
> orsapbisbx01:sbqadm 64> /usr/bin/kvno SBQADM/
> orsapbisbx01.radisys.com at RADISYS.COM
> kvno: KDC has no support for encryption type while getting credentials for
> SBQADM/orsapbisbx01.radisys.com at RADISYS.COM
> orsapbisbx01:sbqadm 65>
please send us your /etc/krb5.conf , so we can see the encryption types
defined there.
Windows 2008 AD only knows the following encryption types (from secure
to unsecure):
aes256-cts-hmac-sha1-96 , aes128-cts-hmac-sha1-96 , arcfour-hmac-md5
(possible but disabled by default: des-cbc-crc , des-cbc-md5)
Windows 2003 AD only knows
aes128-cts-hmac-sha1-96 , arcfour-hmac-md5 des-cbc-crc , des-cbc-md5
regards, Robert.
--
Dr. Robert Wehn ........................ http://www.rz.uni-augsburg.de
Universität Augsburg, Rechenzentrum ............. Tel. (0821) 598-2047
86135 Augsburg .................................. Fax. (0821) 598-2028
More information about the Kerberos
mailing list