permitted_enctypes = "des-cbc-crc" triggers 'kinit: Generic error (see e-text) while getting initial credentials'

[ольга крыжановская]

No, allow_weak_crypto is set to true:

[libdefaults]
#       default_realm = EXAMPLE.COM

        default_realm = MINIPAX.TERRORONWAR.ORG
        clockskew = 300
        allow_weak_crypto = true
#       permitted_enctypes = "des-cbc-crc arcfour-hmac des3-cbc-sha1
aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96"
        permitted_enctypes = "des-cbc-crc"

Any other ideas?

Olga

On Fri, Mar 21, 2014 at 4:06 PM, Benjamin Kaduk <kaduk at mit.edu> wrote:
> On Fri, 21 Mar 2014, ольга крыжановская wrote:
>
>> Plain des-cbc-crc only authentication doesn't seem to be supported, any
>> more:
>
>
> Most likely, you still have the 'allow_weak_crypto' setting in krb5.conf at
> its default value, false.
>
> -Ben
>
>
>> $ kadmin
>> Authenticating as principal root/admin at MINIPAX.TERRORONWAR.ORG with
>> password.
>> kadmin: KDC has no support for encryption type while initializing
>> kadmin interface
>>
>> Olga
>>
>> On Thu, Mar 20, 2014 at 11:32 PM, Benjamin Kaduk <kaduk at mit.edu> wrote:
>>>
>>> On Thu, 20 Mar 2014, Wendy Lin wrote:
>>>
>>>> I have this in my Suse 11.3 /etc/krb.conf for libdefaults:
>>>>
>>>>        allow_weak_crypto = true
>>>> #       permitted_enctypes = "des-cbc-crc arcfour-hmac des3-cbc-sha1
>>>> aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96"
>>>>        permitted_enctypes = "des-cbc-crc"



-- 
      ,   _                                    _   ,
     { \/`o;====-    Olga Kryzhanovska   -====;o`\/ }
.----'-/`-/     olga.kryzhanovska at gmail.com   \-`\-'----.
 `'-..-| /       http://twitter.com/fleyta     \ |-..-'`
      /\/\     Solaris/BSD//C/C++ programmer   /\/\
      `--`                                      `--`