>And now, I cannot get kadmin.local to NOT make 3DES >keys. I have tried: > >1. kdc_supported_enctypes = des-cbc-crc:normal >2. supported_enctypes = des-cbc-crc:normal >3. Both 1 and 2 at the same time >4. 1, 2, and 3 after restarting everything >5. Checked and rechecked that I am editing the > only kdc.conf on my entire box (find ...)
Silly question time: exactly where do you think your kdc.conf is? I found a bunch of times that people would mistakenly place it in /etc, and the KDC would happily start up without reading it. You could use a system call tracer to make sure it's reading the right file. > kadmin.local: ktadd -e des-cbc-crc host/noodle.foo.com > ktadd: Invalid argument while parsing keysalts de > > ^^ ???? You forgot to append the salt here (the ":normal" part). Perhaps that should be a default ... but it did tell you that the error was in parsing the keysalt (I dunno why it picks the first few letters of the enctype in that error message, but that's what it's doing). --Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos