Ticket #488 (closed defect: fixed)
kerberos-config needs to set allow_weak_crypto
Reported by: | broder | Owned by: | |
---|---|---|---|
Priority: | blocker | Milestone: | |
Component: | -- | Keywords: | |
Cc: | Fixed in version: | ||
Upstream bug: |
Description
The ATHENA.MIT.EDU KDC seems to only support the des-cbc-crc enctype. As of krb5 1.8, that's defined as "weak crypto", and the krb5 clients won't talk to the KDC by default.
Until the KDC is upgraded or reconfigured to allow shinier enctypes, we need to set allow_weak_crypto = true in the [libdefaults] section of krb5.conf.
From some preliminary testing, it looks like that setting has no affect in the older versions of krb5 we still support.
Change History
Note: See
TracTickets for help on using
tickets.
r24287 (with supplemental fix in r24288), in proposed.