> On Tue, Jul 05, 2005 at 01:48:54PM -0700, Phil Dibowitz wrote: > > from kadmin, great (though is that "no salt" supposed to be there?)! > >=20 > > However, klist -e shows: > >=20 > > [EMAIL PROTECTED] unstale]$ klist -e > > Ticket cache: FILE:/tmp/krb5cc_36070 > > Default principal: [EMAIL PROTECTED] > >=20 > > Valid starting Expires Service principal > > 07/05/05 13:36:31 07/05/05 23:36:31 krbtgt/[EMAIL PROTECTED] > > Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CR= > C-32=20 > > [EMAIL PROTECTED] unstale]$=20 > >=20 > > and the logs show: > >=20 > > Jul 05 13:36:31 frantic.usc.edu krb5kdc[26284](info): AS_REQ (3 etypes {2= > 3 16 > > 1}) 128.125.10.120: ISSUE: authtime 1120595791, etypes {rep=3D23 tkt=3D1 = > ses=3D1}, > > [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED] > >=20 > > Neither the session key, nor my principal key seem to have been using the= > new > > encryption... it's not clear to me why... > > > Anyone?
My guess is that your krbtgt/[EMAIL PROTECTED] principal still only has a des key. 'cpw -randkey -keepold' on that principal to generate other keys. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos