[Freeipa-users] KDC has no support for encryption type
Dmitri Pal
dpal at redhat.com
Mon Dec 29 22:23:35 UTC 2014
On 12/29/2014 05:09 PM, Matt . wrote:
> Hi All,
>
> Why doing some IPA commands on my 4.1.2 install I get the following error:
>
>
> ipa: ERROR: Kerberos error: Kerberos error: ('Unspecified GSS failure.
> Minor code may provide more
> information', 851968)/('KDC has no support for
> encryption type', -1765328370)/
>
> I already tried to add this to my [libdefaults] in my krb5.conf:
>
>
> [libdefaults]
> ...
> allow_weak_crypto = yes
> default_tkt_enctypes = RC4-HMAC, DES-CBC-CRC, DES3-CBC-SHA1,DES-CBC-MD5
> default_tgs_enctypes = RC4-HMAC, DES-CBC-CRC, DES3-CBC-SHA1, DES-CBC-MD5
I am not sure about spaces but I suspect it is OK.
What is not OK is probably that you not listed all other encryption
types that IPA assumes.
If you need weaker ciphers you need to list them in addition to the
strong ones.
http://web.mit.edu/kerberos/krb5-1.13/doc/admin/conf_files/krb5_conf.html
>
> But this doesn't seem to fix it.
>
> Is this still the known bug in 4.x ?
>
> And can I fix it ?
>
> Thanks!
>
> Matt
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list