lucid has seen the end of its life and is no longer receiving any
updates. Marking the lucid task for this ticket as Won't Fix.
** Changed in: krb5 (Ubuntu Lucid)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
I'm going to move this back to 'Confirmed' so we can take a look at this
in the next sweep for bugs in krb5. There are 3 affected, so its likely
the problem is at least worth a look.
** Changed in: krb5 (Ubuntu)
Status: Incomplete = Confirmed
--
You received this bug notification because
Jean-Yves, did you tried the advice from Sam Hartman in comment #12 ?
Is is still an issue with Ubuntu 10.10 - Maverick ?
Was it an issue in Ubuntu 9.10 ?
** Also affects: krb5 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Tags added: regression-release
** Tags removed:
I have encountered this issue as well. I use pam_kerberos and AD for
authentication and login authorization; this works fine.
However this issue affects kerberos mediated Single Sign On to apache
sites using mod_auth_kerb.so version 5.1 on the web server and the krb5
libraries on 10.04 (this
My guess is that the DES only checkbox is checked in your AD
configuration for the service account used by the Apache server. If you
clear that checkbox and generate a keytab including both RC4 and DES
keys then I suspect allow_weak_crypto will not be needed.
I'm sorry, but I do not have
After days of tests it seems it's a kerberos tickets forwarding problem,
smbclient replying with an spnego error claiming a lack of information from
kerberos.
The group resolving problem looks like an issue with ticket forwarding
(forwardable and forward true in appdefaults): the filer requires
If Allow_weak_crypto = true is making things work better with Windows,
something is broken somewhere else to cause this.
Without this parameter in krb5.conf the auth against the ADS to access
services like http goes wrong and asks fora login/pass instead of using
the kerberos tickets,
jean-yves == jean-yves chateaux jean-
yves.chate...@sagemcom.com writes:
If Allow_weak_crypto = true is making things work better with
Windows,
jean-yves something is broken somewhere else to cause this.
jean-yves Without this parameter in krb5.conf the auth against the
packages:
9.04 : krb5-user 1.6.dfsg.4~beta1-5ubuntu2.2 with likewise-open5
5.0.3991.1-0ubuntu2
10.04 : krb5-user 1.8.1+dfsg-2 with likewise 5.3.0-1
--
krb5 and ADS error using 10.04, not 9.04
https://bugs.launchpad.net/bugs/567188
You received this bug notification because you are a member of
jean-yves == jean-yves chateaux jean-
yves.chate...@sagemcom.com writes:
jean-yves The errors are the results of MIT resolution to exclude
jean-yves DES/DES3 from the supported enctypes (security reasons).
jean-yves The parameter allow_weak_crypto = true should be added
jean-yves
Thank you for taking the time to report this bug and helping to make Ubuntu
better. Please answer these questions:
1. Is this reproducible?
2. If so, what specific steps should we take to recreate this bug? Be as
detailed as possible.
This will help us to find and resolve the problem.
**
The errors are the results of MIT resolution to exclude DES/DES3 from the
supported enctypes (security reasons).
The parameter allow_weak_crypto = true should be added in the default
[libdefaults] section of /etc/krb5.conf.
Adding this parameter solved the errors of the original bug report but
jean-yves chateaux jean-yves.chate...@sagemcom.com writes:
The errors are the results of MIT resolution to exclude DES/DES3 from
the supported enctypes (security reasons).
DES3 was not marked as weak. Neither was rc4-hmac (enctype 23).
The export-grade rc4-hmac-exp is enctype 24 and was marked
Thank you for taking the time to report this bug and helping to make
Ubuntu better. This bug did not have a package associated with it, which
is important for ensuring that it gets looked at by the proper
developers. You can learn more about finding the right package at
14 matches
Mail list logo
