ksu problem with "Version: 1.12+dfsg-2ubuntu5.1"
Benjamin Kaduk
kaduk at MIT.EDU
Tue Feb 17 17:51:39 EST 2015
On Tue, 17 Feb 2015, Giuseppe Mazza wrote:
> On 17/02/15 17:36, Benjamin Kaduk wrote:
> > On Tue, 17 Feb 2015, Giuseppe Mazza wrote:
>
>
> client% head -20 /etc/krb5.conf
> [appdefaults]
> # [dwm] necessary for DOC.IC.AC.UK
> allow_weak_crypto=true
>
> [libdefaults]
> default_realm = DOC.IC.AC.UK
>
> # The following krb5.conf variables are only for MIT Kerberos.
> krb4_config = /etc/krb.conf
> krb4_realms = /etc/krb.realms
> kdc_timesync = 1
> ccache_type = 4
> forwardable = true
> proxiable = true
>
> # [dwm] necessary for DOC.IC.AC.UK
> allow_weak_crypto=true
>
> # The following encryption type specification will be used by MIT Kerberos
> # if uncommented. In general, the defaults in the MIT Kerberos code are
Are any of the encryption type specifications in the following lines of
the file uncommented?
I don't think we've heard any other reports of this sort of issue with
ksu, and I don't think that its code does anything special that would fail
to respect allow_weak_crypto, so I am rather puzzled at the behavior you
are seeing.
Also, you say you are upgrading to Ubuntu 14.04 with krb5
1.12+dfsg-2ubuntu5.1, but what version were you upgrading from? The krb5
1.10+dfsg~beta1-2ubuntu0.6 in Ubuntu 12.04?
-Ben
More information about the Kerberos
mailing list