ktadd default enctype
John Devitofranceschi
jdvf at optonline.net
Fri Jun 5 07:24:06 EDT 2015
How is ktadd *supposed* to figure out which enctype(s) to use?
I am seeing an issue where kadmin’s ktadd, if left to its own devices, will generate a key with an encryption type that has nothing to do with the KDC’s supported_enctype list and ktadd seems to completely ignore the local client’s default/permitted enctype settings.
KDC supports: des3-cbc-sha1 des-cbc-crc (I know, I know)
Client’s krb5.conf tells it to support: des-cbc-crc (I know, I know)
But when we run ktadd the resulting keytab’s key has des-cbc-md5
The client is an Oracle Linux with 1.6.1 krb5 client software.
Also, the KDC is using Sun Solaris 10 Kerberos software (not MIT).
Thanks for any insight!
jd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2393 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20150605/2cdf0862/attachment.bin
More information about the Kerberos
mailing list