[Freeipa-users] ipa-getkeytab -e des3-hmac-sha1 doesnt work
Andreas Ladanyi
andreas.ladanyi at kit.edu
Tue Dec 2 11:08:24 UTC 2014
> On Mon, 01 Dec 2014 11:53:11 +0100
> Andreas Ladanyi <andreas.ladanyi at kit.edu> wrote:
>
>> Hi,
>>
>> Server: FreeIPA 3.3.5, Fedora 20
>> Client: Ubuntu 14.04
>>
>> ipa-getkeytab -s freeipaserver -p principal at REALM -k
>> /tmp/principal.keytab -e des3-hmac-sha1 -P
>>
>> only results in:
>>
>> klist -k /tmp/principal.keytab -e
>> Keytab name: FILE:/tmp/principal.keytab
>> KVNO Principal
> The 2 enctypes are equivalent and can be interchanged afaik.
>
> Simo.
>
Ok.
Another question: Is it possible to generate keys with no salt instead
of Version 5 (normal) salt ?
I want to generate a des3 key with no salt:
ipa-getkeytab -s freeipaserver -p principal at REALM -k
/tmp/principal.keytab -e des3-hmac-sha1:v4 -P
The answer is:
Bad or unsupported salt type.
Failed to create key material
I configured the des3-hmac-sha1:v4 in LDAP and in kdc.conf
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5306 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141202/318d386f/attachment.p7s>
More information about the Freeipa-users
mailing list