[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

forcing session key type

To: heimdal-discuss@sics.se
Subject: forcing session key type
From: Dave Love <d.love@dl.ac.uk>
Date: 14 May 2002 18:24:58 +0100
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

I'm trying to reestablish a working Heimdal config for the GNU
Kerberos servers.  I had it working with 

	GNU.ORG = {
		kdc = kerberos.gnu.org
		kdc = kerberos-2.gnu.org
		kdc = kerberos-3.gnu.org
		admin_server = kerberos.gnu.org
		default_etypes = des-cbc-crc
		default_etypes_des = des-cbc-crc
	}

in krb5.conf.  Now something has changed and it (e.g. Heimdal telnet)
only works if I use the MIT kinit.  MIT gets me a ticket

05/14/02 18:15:43  05/15/02 04:13:55  host/fencepost.gnu.org@GNU.ORG
        Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32 

whereas Heimdal gets me

Server: host/fencepost.gnu.org@GNU.ORG
Ticket etype: des-cbc-crc, kvno 3
Session key: des-cbc-md4

and fails like:

[ Trying mutual KERBEROS5 (host/fencepost.gnu.org@GNU.ORG)... ]
Kerberos V5: mk_req failed (Generic error (see e-text))
[ Trying KERBEROS5 (host/fencepost.gnu.org@GNU.ORG)... ]
Kerberos V5: mk_req failed (Generic error (see e-text))

So I assume I need to force a des-cbc-crc session key.  Is there a way
to do that?  I can't find a suitable config option in the doc.

[Is there a way to get more helpful error messages than the above?]

Follow-Ups:
- Re: forcing session key type
  - From: joda@pdc.kth.se (Johan Danielsson)

Prev by Date: kadmind
Next by Date: Re: forcing session key type
Prev by thread: kadmind
Next by thread: Re: forcing session key type
Index(es):
- Date
- Thread