[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Mixing heimdal and MIT clients.

On Jan 15, 2008, at 8:48 AM, Timothy J. Miller wrote:

> On Jan 15, 2008, at 8:35 AM, Timothy J. Miller wrote:
>> heimdal/klist works fine but I don't have the MIT klist installed  
>> on the client system.
> OK, so compiling MIT took less time than I thought.  MIT klist  
> works just fine with the heimdal-obtained ccache.
> So now I'm at a total loss as to what's happening.

On a hint from another mailing list, I nuked the following from  
krb5.conf [libdefaults]:

default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

Which were included by default by Ubuntu's krb5-common package.   
Despite the fact that these didn't prevent heimdal clients from  
working, those two lines certainly hosed up the MIT clients.

With them gone, everything works now.

Guess I need to read more about enctypes and their effects in both  

-- Tim