Hi, This nice presentation on kerberos encryption types from Will Fiveash should clear your doubts.
http://www.filibeto.org/~aduritz/truetrue/solaris10/krb_enctypes_so8.pdf Preetam --- chandrakala <[EMAIL PROTECTED]> wrote: > Hi, > > I 'm trying to enable use of des3-hmac-sha1 as one > of the supported enctypes on a Linux machine. > > kdc.conf on my Linux machine is as below: > master_key_type = des-cbc-crc > supported_enctypes = des3-cbc-sha1:normal > des-cbc-md5:normal des-cbc-crc:normal > > Created the database and restarted the kerberos > services. > > I followed the below steps to run my client/server > program that uses this KDC: > > 1) Added principals client/hostname and > server/hostname to the kerberos database > > 2)Listed these principals using getprinc, it showed > 3 keys. Each key indicating an encryption type as > shown above. > > 3) Did a kinit client/hostname and kinit > server/hostname from the client by specifying only > des3-hmac-sha1 as the default_tgt/tgs_enctype in the > client side krb5.conf. > > 4) klist -e displayed encryption key as > DES3-CBC-SHA1 for both the client and the server. My > client/server program worked fine. > > But when I repeated the above steps with > "des-cbc-crc des3-cbc-sha1" as the > default_tgt/tgs_enctype in the client side > krb5.conf, the client/server program failed with GSS > Exception and with > Cryptography key des3-cbc-sha1 not found. > > On doing a klist -e it showed only DES-CBC-CRC. > > Can someone please help me resolve this? What is the > order in which the encryption types are picked up on > both client side or on the KDC side? Thank You. > > Regards, > Chandrakala > > > > > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos