lucid has seen the end of its life and is no longer receiving any
updates. Marking the lucid task for this ticket as "Won't Fix".
** Changed in: krb5 (Ubuntu Lucid)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, which i
I'm going to move this back to 'Confirmed' so we can take a look at this
in the next sweep for bugs in krb5. There are 3 affected, so it's likely
the problem is at least worth a look.
** Changed in: krb5 (Ubuntu)
Status: Incomplete => Confirmed
Jean-Yves, did you try the advice from Sam Hartman in comment #12?
Is it still an issue with Ubuntu 10.10 - Maverick?
Was it an issue in Ubuntu 9.10?
** Also affects: krb5 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Tags added: regression-release
** Tags removed: regression
My guess is that the DES only checkbox is checked in your AD
configuration for the service account used by the Apache server. If you
clear that checkbox and generate a keytab including both RC4 and DES
keys then I suspect allow_weak_crypto will not be needed.
I'm sorry, but I do not have instruct
I have encountered this issue as well. I use pam_kerberos and AD for
authentication and login authorization; this works fine.
However this issue affects kerberos mediated Single Sign On to apache
sites using mod_auth_kerb.so version 5.1 on the web server and the krb5
libraries on 10.04 (this used
After days of tests it seems it's a kerberos tickets forwarding problem,
smbclient replying with an spnego error claiming a lack of information from
kerberos.
The group resolving problem looks like an issue with ticket forwarding
(forwardable and forward true in appdefaults): the filer requires
> "jean-yves" == jean-yves chateaux writes:
>> If Allow_weak_crypto = true is making things work better with
>> Windows,
jean-yves> something is broken somewhere else to cause this.
jean-yves> Without this parameter in krb5.conf the auth against the
jean-yves> ADS to
> If Allow_weak_crypto = true is making things work better with Windows,
> something is broken somewhere else to cause this.
Without this parameter in krb5.conf the auth against the ADS to access
services like http goes wrong and asks for a login/pass instead of using
the kerberos tickets, claimi
> "jean-yves" == jean-yves chateaux writes:
jean-yves> The errors are the results of MIT resolution to exclude
jean-yves> DES/DES3 from the supported enctypes (security reasons).
jean-yves> The parameter "allow_weak_crypto = true" should be added
jean-yves> in the default [lib
packages:
9.04 : krb5-user 1.6.dfsg.4~beta1-5ubuntu2.2 with likewise-open5
5.0.3991.1-0ubuntu2
10.04 : krb5-user 1.8.1+dfsg-2 with likewise 5.3.0-1
--
krb5 and ADS error using 10.04, not 9.04
https://bugs.launchpad.net/bugs/567188
jean-yves chateaux writes:
> The errors are the results of MIT resolution to exclude DES/DES3 from
> the supported enctypes (security reasons).
DES3 was not marked as "weak". Neither was rc4-hmac (enctype 23).
The "export-grade" rc4-hmac-exp is enctype 24 and was marked as weak,
but that doesn't
The errors are the results of MIT resolution to exclude DES/DES3 from the
supported enctypes (security reasons).
The parameter "allow_weak_crypto = true" should be added in the default
[libdefaults] section of /etc/krb5.conf.
Adding this parameter solved the errors of the original bug report but
Thank you for taking the time to report this bug and helping to make Ubuntu
better. Please answer these questions:
1. Is this reproducible?
2. If so, what specific steps should we take to recreate this bug? Be as
detailed as possible.
This will help us to find and resolve the problem.
** Changed
Thank you for taking the time to report this bug and helping to make
Ubuntu better. This bug did not have a package associated with it, which
is important for ensuring that it gets looked at by the proper
developers. You can learn more about finding the right package at
https://wiki.ubuntu.com/Bug