permitted_enctypes = "des-cbc-crc" triggers 'kinit: Generic error (see e-text) while getting initial credentials'
Benjamin Kaduk
kaduk at MIT.EDU
Fri Mar 21 11:06:04 EDT 2014
On Fri, 21 Mar 2014, ольга крыжановская wrote:
> Plain des-cbc-crc only authentication doesn't seem to be supported, any more:
Most likely, you still have the 'allow_weak_crypto' setting in krb5.conf
at its default value, false.
-Ben
> $ kadmin
> Authenticating as principal root/admin at MINIPAX.TERRORONWAR.ORG with password.
> kadmin: KDC has no support for encryption type while initializing
> kadmin interface
>
> Olga
>
> On Thu, Mar 20, 2014 at 11:32 PM, Benjamin Kaduk <kaduk at mit.edu> wrote:
>> On Thu, 20 Mar 2014, Wendy Lin wrote:
>>
>>> I have this in my Suse 11.3 /etc/krb.conf for libdefaults:
>>>
>>> allow_weak_crypto = true
>>> # permitted_enctypes = "des-cbc-crc arcfour-hmac des3-cbc-sha1
>>> aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96"
>>> permitted_enctypes = "des-cbc-crc"
>>>
More information about the Kerberos
mailing list