[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

KDC refuses to give des-cbc-crc keys

To: heimdal-discuss@sics.se
Subject: KDC refuses to give des-cbc-crc keys
From: Juha =?UTF-8?B?SsOkeWtrw6Q=?= <juhaj@iki.fi>
Date: Tue, 03 Oct 2006 12:46:23 +0300
Organization: University of Turku
Sender: owner-heimdal-discuss@sics.se

Hi!

While testing NFSv4 gss/krb5 mounts, I ran into the following problem:
KDC won't give rpc.gssd des-cbc-crc keys at all. I cannot understand why.
The principal has the keytype, the keytab has the keytype, the AS-REQ
lists enctypes 1,2,3,16,17,18,23 (I wiresharked that part), but the KDC
responds with just type 18. Linux nfsv4 for some strange reason, insists
on des-cbc-crc enctype.

How do I persuade the KDC to give the client all the enctypes it asks
for or at least both aes and des? Setting default_tgs_enctypes,
default_tkt_enctypes et al in krb5.conf does not help.

-Juha

-- 
                 -----------------------------------------------
                | Juha JÃ¤ykkÃ¤, juolja@utu.fi			|
		| Laboratory of Theoretical Physics		|
		| Department of Physics, University of Turku	|
                | home: http://www.utu.fi/~juolja/              |
                 -----------------------------------------------

signature.asc

Follow-Ups:
- Re: KDC refuses to give des-cbc-crc keys
  - From: Love Hörnquist Åstrand <lha@kth.se>

Next by Date: Romanian PHP & .NET Software Outsourcing
Next by thread: Re: KDC refuses to give des-cbc-crc keys
Index(es):
- Date
- Thread