No the KDCs do not have that option set. I did set it on the one client (which I upgraded to the latest Ubuntu)
I think the best (and most secure) practice would be to regenerate all the keytabs and the trust, so I'll tackle it next week. Thanks for your help! Rohit Russ Allbery wrote: > Rohit Kumar Mehta <[email protected]> writes: > > >> Thanks for your help Russ. My keys are indeed only plain DES keys, but >> I also have allow_weak_crypto set to true. (We're using Kerberized NFS >> in Linux which I think at this point requires weak crypto) >> > > Is allow_weak_crypto also set on the KDCs involved? > > >> So I guess I will have to generate new keytabs and recreate the trust, >> and that problem should go away? >> > > You should not need to do any of that if allow_weak_crypto is set. > > -- Rohit Mehta Computer Engineer University of Connecticut Engineering Computing Services 371 Fairfield Road Unit 2031 Storrs, CT 06269-2031 Office: (860) 486 - 2331 Fax: (860) 486 - 1273 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
