Hi, I set up a kerberos server on a raspberry platform. To prove that all is working I enabled the telnetd to use kerberos auth. When trying to connect to the localhost or the ip assigned (so just use the -current telnet with the -current telnetd and the -current kerberos server) to the network interface I get the following error:
Trying 192.168.1.221... Connected to raspberry.martinlaabs.de. Escape character is '^]'. [ Trying mutual KERBEROS5 (host/raspberry.martinlaabs...@martinlaabs.de)... ] Kerberos V5: mk_req failed (encryption type des-cbc-crc is disabled) [ Trying KERBEROS5 (host/raspberry.martinlaabs...@martinlaabs.de)... ] Kerberos V5: mk_req failed (encryption type des-cbc-crc is disabled) This is very strange because there are no des-cbc-crc keys at all and I wonder why telnetd is asking for that deprecated key type. When enabling the weak crypto option in krb5.conf the error message changes but the main problem of the des-cbc-crc key remains: Trying 192.168.1.231... Connected to raspberry.martinlaabs.de. Escape character is '^]'. [ Trying mutual KERBEROS5 (host/raspberry.martinlaabs...@martinlaabs.de)... ] Kerberos V5: mk_req failed (KDC has no support for encryption type) [ Trying KERBEROS5 (host/raspberry.martinlaabs...@martinlaabs.de)... ] Kerberos V5: mk_req failed (KDC has no support for encryption type) So why does telnet or telnetd wants to use the des-cbc-crc key type and not some recent and secure key types? Thank you, Martin Laabs _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
