On 11/12/2014 09:54 AM, Andreas Ladanyi wrote:
Hi,
I set up the 389 LDAP server to support des-cbc-crc enctype.
I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4
(single-DES). I created the principal with:
kadmin.local -x ipa-setup-override-restrictions
The result is:
Principal: afs/cellname@Realm
Key: vno 1, des-cbc-crc, no salt
Key: vno 1, aes256-cts-hmac-sha1-96, no salt
Seems like the principal was set correctly with single-des.
I execute a "kinit username" and got my tgt.
kvno -e des-cbc-crc afs/cellname
kvno: KDC has no support for encryption type while getting credentials
for afs/cellname@REALM
kvno -e aes256-cts-hmac-sha1-96 afs/cellname
afs/[email protected]: kvno = 1
Iam wondering that i dont get a ticket with des-cbc-crc enctype from
FreeIPA Kerberos server.
Any ideas ?
cheers,
Andreas
Did you enable use of weak crypto?
See allow_weak_crypto setting in krb5.conf on the server.
http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
