Hi,

I'm trying to enable use of des3-hmac-sha1 as one of the supported enctypes on 
a Linux machine.

kdc.conf on my Linux machine is as below:
master_key_type    = des-cbc-crc
supported_enctypes = des3-cbc-sha1:normal des-cbc-md5:normal des-cbc-crc:normal 

Created the database and restarted the kerberos services.

I followed the below steps to run my client/server program that uses this KDC:

1) Added principals client/hostname and server/hostname to the kerberos database

2) Listed these principals using getprinc; it showed 3 keys, each key indicating 
an encryption type as shown above.

3) Did a kinit client/hostname and kinit server/hostname from the client by 
specifying only des3-hmac-sha1 as the default_tgt/tgs_enctype in the client 
side krb5.conf.

4) klist -e displayed encryption key as DES3-CBC-SHA1 for both the client and 
the server. My client/server program worked fine.

But when I repeated the above steps with "des-cbc-crc des3-cbc-sha1" as the 
default_tgt/tgs_enctype in the client side krb5.conf, the client/server program 
failed with GSS Exception and with 
Cryptography key des3-cbc-sha1 not found.

On doing a klist -e it showed only DES-CBC-CRC.

Can someone please help me resolve this? What is the order in which the 
encryption types are picked up on the client side and on the KDC side? Thank 
you.

Regards,
Chandrakala



   


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
