[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

KDC refuses to give des-cbc-crc keys


While testing NFSv4 gss/krb5 mounts, I ran into the following problem:
KDC won't give rpc.gssd des-cbc-crc keys at all. I cannot understand why.
The principal has the keytype, the keytab has the keytype, the AS-REQ
lists enctypes 1,2,3,16,17,18,23 (I wiresharked that part), but the KDC
responds with just type 18. Linux nfsv4 for some strange reason, insists
on des-cbc-crc enctype.

How do I persuade the KDC to give the client all the enctypes it asks
for or at least both aes and des? Setting default_tgs_enctypes,
default_tkt_enctypes et al in krb5.conf does not help.


                | Juha Jäykkä, juolja@utu.fi			|
		| Laboratory of Theoretical Physics		|
		| Department of Physics, University of Turku	|
                | home: http://www.utu.fi/~juolja/              |