[Freeipa-users] ipa-getkeytab -e des3-hmac-sha1 doesn't work
Andreas Ladanyi
andreas.ladanyi at kit.edu
Mon Dec 1 10:53:11 UTC 2014
Hi,
Server: FreeIPA 3.3.5, Fedora 20
Client: Ubuntu 14.04
ipa-getkeytab -s freeipaserver -p principal@REALM -k /tmp/principal.keytab -e des3-hmac-sha1 -P
only results in:
klist -k /tmp/principal.keytab -e
Keytab name: FILE:/tmp/principal.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   5 principal@REALM (des3-cbc-sha1)
/var/kerberos/krb5kdc/kdc.conf:
[kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88
 restrict_anonymous_to_tgt = true

[realms]
 REALM = {
  master_key_type = aes256-cts
  max_life = 7d
  max_renewable_life = 14d
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  default_principal_flags = +preauth
; admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  pkinit_identity = FILE:/var/kerberos/krb5kdc/kdc.pem
  pkinit_anchors = FILE:/var/kerberos/krb5kdc/cacert.pem
  supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal arcfour-hmac-md5:normal des-cbc-crc:v4 des3-hmac-sha1:normal
 }
I added the "des3-hmac-sha1:normal" entry to the "supported_enctypes" parameter.
There are also the attribute entries krbDefaultEncSaltTypes and
krbSupportedEncSaltTypes with the value "des3-hmac-sha1:normal" in 389 LDAP.
cheers,
Andreas