How to prevent getting rc4-hmac data
Neulinger, Nathan
nneul at umr.edu
Fri Jan 31 16:55:48 EST 2003
I just started looking at re-deploying ssh with the gssapi patch
recently, and noticed that depending on how I got the
host/hostname at REALM ticket, it works or doesn't.
I'm running against a microsoft ADS kerberos server.
If I kinit, then run ssh, gssapi gets the host ticket, and it gets it as
rc4-hmac, and fails to connect to the remote ssh server.
If I kinit, then krb telnet to the remote host, then ssh, the telnet
gets the ticket, and it gets it as des-cbc-crc, and ssh connects just
fine.
I have:
[libdefaults]
default_realm = UMR.EDU
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
in krb5.conf. Is there anything else that can be set (or code changed in
ssh client) to cause gssapi_krb to NOT get a rc4-hmac ticket?
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul at umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
More information about the krbdev
mailing list