We did a server replacement of our master KDC that had been on RHEL7 for years to finally upgrade to RHEL8. We did a dump of the database prior to the swap, we still have the old server sitting around as well. Principal database is on disk in old db2 style. Kerberos version is 1.18 for RHEL8, RHEL7 version is 1.15.
Everything went smooth, except any attempt to change a password results in: "change_password: Bad encryption type while changing password for < principal >" Doesn't matter if it is done over the network or with kadmin.local. If we unset the password policy for an account (modprinc -clearpolicy) we can change the password, but this isn't ideal. - We disabled FIPS and RHEL8 new crypto policies which gave no change - We restored the database again, with no change in behavior. - We removed policies from all accounts, removed all policies, recreated all policies, and re-applied all the policies to every account. No change. I'm stumped and have been trying different things for about 12 hours - help ? ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
