On Tue, 2010-03-30 at 15:07 -0700, Russ Allbery wrote: > Matt Zagrabelny <[email protected]> writes: > > On Tue, 2010-03-30 at 14:46 -0700, Russ Allbery wrote: > > >> You need it on the client in addition to the server. > > > Good to know. :) > > > Unfortunately, the client is a Cisco Catalyst 3750. :/ > > > workstation% telnet.netkit switch3750 > > Trying 10.25.1.14... > > 'autologin': unknown argument ('toggle ?' for help). > > Connected to switch3750.d.umn.edu. > > Escape character is '^]'. > > Then that's probably not the problem. The Cisco box almost certainly > hasn't disabled DES (it's probably the only enctype that it supports). > > Please show the getprinc output for your krbtgt/* key and the user > principal that you're using. I bet one or the other of them has no DES > key.
Indeed. kadmin.local: getprinc mzagrabe Principal: [email protected] Expiration date: [never] Last password change: Wed Mar 24 15:44:13 CDT 2010 Password expiration date: [none] Maximum ticket life: 0 days 10:00:00 Maximum renewable life: 7 days 00:00:00 Last modified: Tue Mar 30 16:27:51 CDT 2010 (root/[email protected]) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 3 Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt Key: vno 1, ArcFour with HMAC/md5, no salt Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt Attributes: Policy: [none] kadmin.local: getprinc krbtgt/D.UMN.EDU Principal: krbtgt/[email protected] Expiration date: [never] Last password change: [never] Password expiration date: [none] Maximum ticket life: 0 days 10:00:00 Maximum renewable life: 7 days 00:00:00 Last modified: Sat Sep 05 14:08:25 CDT 2009 ([email protected]) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 5 Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt Key: vno 1, ArcFour with HMAC/md5, no salt Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt Key: vno 1, DES cbc mode with CRC-32, no salt Key: vno 1, DES cbc mode with RSA-MD5, no salt Attributes: REQUIRES_PRE_AUTH Policy: [none] it looks like the mzagrabe principle is missing the: Key: vno 1, DES cbc mode with CRC-32, no salt How would I add that key to the principle? Thanks, -matt ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
