Changes between Version 10 and Version 12 of Ticket #529
- Timestamp:
- 09/04/10 00:45:57 (14 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #529
- Property Priority changed from major to critical
-
Ticket #529 – Description
v10 v12 31 31 * I cannot log in to [https://mit-mailsec-cc.mit.edu:41443/brightmail Brightmail]: “Invalid user name or password. Please try again.” 32 32 * I cannot log in to Windows after starting the Citrix ICA Client from [https://citrix.mit.edu/Citrix/MetaFrameXP/frameset.jsp Citrix MetaFrame XP]: “The system could not log you on. Make sure your User name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case.” 33 * I cannot log in to the MIT SECURE wireless network: 34 {{{ 35 NetworkManager[1083]: <info> (eth1): supplicant connection state: associating -> associated 36 wpa_supplicant[1185]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected 37 wpa_supplicant[1185]: EAP-TLV: TLV Result - Failure 38 wpa_supplicant[1185]: CTRL-EVENT-EAP-FAILURE EAP authentication failed 39 }}} 33 40 34 41 Given that single-DES is critically weak, is disabled by default in current releases of Kerberos, and will be removed entirely in future releases, we should talk with network and try to get these little problems worked out sooner rather than later. 42 43 == Solution == 44 45 In at least [comment:8 one case] (ca.mit.edu), the problem was that the server’s `/etc/krb5.conf` had the line `default_tkt_enctypes = des-cbc-crc`. This line [comment:9 should be removed]. Since we think this misconfigured `/etc/krb5.conf` has been copied to many MIT servers, that’s probably all we need to do to fix most or all of these problems.