permitted_enctypes = "des-cbc-crc" triggers 'kinit: Generic error (see e-text) while getting initial credentials'
steve
steve at steve-ss.com
Thu Mar 20 18:26:43 EDT 2014
On Thu, 2014-03-20 at 23:01 +0100, Wendy Lin wrote:
> I have this in my Suse 11.3 /etc/krb.conf for libdefaults:
>
> allow_weak_crypto = true
> # permitted_enctypes = "des-cbc-crc arcfour-hmac des3-cbc-sha1
> aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96"
> permitted_enctypes = "des-cbc-crc"
>
> Now if I try to kinit I get this error:
>
> kinit
> kinit: Generic error (see e-text) while getting initial credentials
>
> Why?
>
> Wendy
Hi
Do you have DNS configured properly?
Add:
dns_lookup_realm = false
dns_lookup_kdc = true
to [libdefaults]
More information about the Kerberos
mailing list