On Tue, 2012-02-07 at 17:10 +0100, Westerlund Johnny wrote: > OK, so how do i enable des keys on my KDC? I'm running the IPA on RHEL6.2 so > it's the one from the channel, is it 2.1.4? I don't have the machine infront > of me so i cant check. > The documentation does not state that you need to enable des keys on the IPA > while setting up this. It only states that you need to enable > allow_weak_crypto in krb5.conf > and make sure you export your NFS principal with -e des-cbc-crc .
2.1.x still did not disable DES keys by default, so you should be already all set since you changed the 'allow weak crypto' parameter in krb5.conf on the server. Now all you need to do is to get a nfs/fqdn keytab that uses only DES keys for your NFS server as well for the clients. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
