[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

forcing session key type

I'm trying to reestablish a working Heimdal config for the GNU
Kerberos servers.  I had it working with 

	GNU.ORG = {
		kdc = kerberos.gnu.org
		kdc = kerberos-2.gnu.org
		kdc = kerberos-3.gnu.org
		admin_server = kerberos.gnu.org
		default_etypes = des-cbc-crc
		default_etypes_des = des-cbc-crc

in krb5.conf.  Now something has changed and it (e.g. Heimdal telnet)
only works if I use the MIT kinit.  MIT gets me a ticket

05/14/02 18:15:43  05/15/02 04:13:55  host/fencepost.gnu.org@GNU.ORG
        Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32 

whereas Heimdal gets me

Server: host/fencepost.gnu.org@GNU.ORG
Ticket etype: des-cbc-crc, kvno 3
Session key: des-cbc-md4

and fails like:

[ Trying mutual KERBEROS5 (host/fencepost.gnu.org@GNU.ORG)... ]
Kerberos V5: mk_req failed (Generic error (see e-text))
[ Trying KERBEROS5 (host/fencepost.gnu.org@GNU.ORG)... ]
Kerberos V5: mk_req failed (Generic error (see e-text))

So I assume I need to force a des-cbc-crc session key.  Is there a way
to do that?  I can't find a suitable config option in the doc.

[Is there a way to get more helpful error messages than the above?]