>And now, I cannot get kadmin.local to NOT make 3DES
>keys.  I have tried:
>
>1.  kdc_supported_enctypes = des-cbc-crc:normal
>2.  supported_enctypes = des-cbc-crc:normal
>3.  Both 1 and 2 at the same time
>4.  1, 2, and 3 after restarting everything
>5.  Checked and rechecked that I am editing the
>     only kdc.conf on my entire box (find ...)

Silly question time: exactly where do you think your kdc.conf is?
I found a bunch of times that people would mistakenly place it in /etc,
and the KDC would happily start up without reading it.  You could use
a system call tracer to make sure it's reading the right file.

>   kadmin.local:  ktadd -e des-cbc-crc host/noodle.foo.com
>   ktadd: Invalid argument while parsing keysalts de
>
>                                                  ^^ ????

You forgot to append the salt here (the ":normal" part).  Perhaps that
should be a default ... but it did tell you that the error was in parsing
the keysalt (I dunno why it picks the first few letters of the enctype
in that error message, but that's what it's doing).

--Ken
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to