GSS-API and 3DES
Ben Cox
cox-work at djehuti.com
Mon Oct 7 09:15:00 EDT 2002
On Fri, 2002-10-04 at 16:42, Sam Hartman wrote:
> des3-cbc-raw is always wrong to use as a key; it is an internal
> enctype that you should never put in supported_enctypes in your
> kdc.conf.
Arrgh: RedHat 7.3 ships with a default kdc.conf file for which it
is the *first* *entry*. I see that it isn't in the stock config files
in the MIT source dist, though. I'll replace my list with the list
from the stock config. Thanks.
> Yes, des3-cbc-sha1 is known to work for GSSAPI. I suspect you have
> overly restrictive default_tgs_enctypes or default_tkt_enctypes on
> your client; comment them out and see what happens.
Bingo; that was it. It works now; thanks.
-- Ben
More information about the krbdev
mailing list