On Aug 26, 2011, at 9:26, I wrote:

> I think I solved the problem, but am out of the office today to fully test 
> it.  It involved setting the default realm and adding some encryption types 
> to the /etc/krb5.conf file.  What I still don't understand is what has 
> changed in CentOS 6 that causes a kickstarted system not to be able to 
> authenticate users whereas a CentOS 5 system can.  I need to do a few more 
> installs to track down the root cause, and then I'll post an update here.

I needed the following lines in the [libdefaults] section of the /etc/krb5.conf 
to let users authenticate against our Windows AD backend:

 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1
 default_tgs_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1
 permitted_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1

whereas in CentOS 5 I only needed the following:

 default_tkt_enctypes = des-cbc-md5
 default_tgs_enctypes = des-cbc-md5

I think I only needed to add the first encryption type to get it to work, but I 
left them all in for now.  I hope this helps someone else in the future if they 
run into something similar.

Alfred

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
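
Added example, not part of Alfred's message and not CentOS or MIT krb5 code: a Python check that parses the [libdefaults] enctype lists quoted above and shows which entries remain once single-DES types are filtered out, which MIT krb5 does when allow_weak_crypto is false (its documented default). The function names and the two embedded sample configs are constructed for illustration.

```python
import re

# Single-DES types: MIT krb5 filters these out of the enctype lists unless
# allow_weak_crypto is true (documented default: false).
WEAK = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
# 3DES and RC4 names: deprecated by RFC 8429 but not removed by that filter.
DEPRECATED = {"des3-cbc-sha1", "des3-hmac-sha1", "des3-cbc-sha1-kd",
              "arcfour-hmac", "rc4-hmac", "arcfour-hmac-md5"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")
TRUE_VALUES = {"true", "yes", "y", "t", "1", "on"}


def parse_libdefaults(text):
    """Return the key/value pairs of the [libdefaults] section as a dict."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip()
    return values


def effective_enctypes(text):
    """Map each enctype setting to (usable, filtered_out, legacy) lists."""
    conf = parse_libdefaults(text)
    allow_weak = conf.get("allow_weak_crypto", "false").lower() in TRUE_VALUES
    report = {}
    for key in (k for k in ENCTYPE_KEYS if k in conf):
        names = [n.lower() for n in re.split(r"[\s,]+", conf[key]) if n]
        dropped = [n for n in names if n in WEAK and not allow_weak]
        usable = [n for n in names if n not in dropped]
        legacy = [n for n in usable if n in WEAK | DEPRECATED]
        report[key] = (usable, dropped, legacy)
    return report


# Constructed inputs: the two [libdefaults] variants quoted in the message.
CENTOS5 = "[libdefaults]\n default_tkt_enctypes = des-cbc-md5\n default_tgs_enctypes = des-cbc-md5\n"
LIST6 = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1"
CENTOS6 = "[libdefaults]\n" + "".join(f" {k} = {LIST6}\n" for k in ENCTYPE_KEYS)

if __name__ == "__main__":
    for label, text in (("CentOS 5", CENTOS5), ("CentOS 6", CENTOS6)):
        print(label, effective_enctypes(text))
```

An empty usable list for a setting means no enctype from that line is left after filtering; the legacy list names the surviving entries that RFC 6649 or RFC 8429 deprecate.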
