On Tue, 2009-12-29 at 11:39 -0500, Jeff Blaine wrote: > > Do you have RC4 ("arcfour-hmac-md5", etc.) configured in > > your "supported_enctypes" on that KDC? > > I don't understand why I would need to specify that (?)
Tom was asking that to verify that his understanding of your problem was correct; he wasn't suggesting a workaround. The problem is that addprinc -randkey works in an odd way: it creates the principal with a dummy password (and a flag to disallow issuing of tickets) and then asks the kadmin server to randomize the password. In krb5 1.6, the dummy password is a 255-byte string containing all possible byte values. This is what causes the problem with a krb5 1.7 server if you're supporting RC4 keys, because that dummy password is not valid UTF-8. krb5 1.7 clients use a different dummy password which doesn't have this problem. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos