[Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS
Andreas Ladanyi
andreas.ladanyi at kit.edu
Wed Nov 12 14:54:14 UTC 2014
Hi,
I set up the 389 LDAP server to support des-cbc-crc enctype.
I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4
(single-DES). I created the principal with:
kadmin.local -x ipa-setup-override-restrictions
The result is:
Principal: afs/cellname at Realm
Key: vno 1, des-cbc-crc, no salt
Key: vno 1, aes256-cts-hmac-sha1-96, no salt
Seems like the principal was set correctly with single-des.
I execute a "kinit username" and got my tgt.
kvno -e des-cbc-crc afs/cellname
kvno: KDC has no support for encryption type while getting credentials
for afs/cellname at REALM
kvno -e aes256-cts-hmac-sha1-96 afs/cellname
afs/cellname at PP.IPD.KIT.EDU: kvno = 1
Iam wondering that i dont get a ticket with des-cbc-crc enctype from
FreeIPA Kerberos server.
Any ideas ?
cheers,
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5306 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141112/ed54a34d/attachment.p7s>
More information about the Freeipa-users
mailing list