[Freeipa-devel] [PATCH] 965 Allow ipa-getkeytab to skip missing enctypes
Rob Crittenden
rcritten at redhat.com
Fri Feb 24 03:05:24 UTC 2012
We noticed that older client machines couldn't join FreeIPA 2.1.90
servers running KDC 1.90. It was failing to return a ticket for DES so
the whole keytab request was failing.
I changed it so failures are acceptable as long as one requested type is
returned.
I wasn't able to get my KDC to actually return a DES key despite
enabling weak crypto and adding the des enctypes. Not sure if this is a
problem on my end or not. I used RHEL 5 as the client.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-965-getkeytab.patch
Type: text/x-diff
Size: 3100 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120223/f052d157/attachment.bin>
More information about the Freeipa-devel
mailing list