On Tue, 17 Feb 2015, Giuseppe Mazza wrote: > On 17/02/15 17:36, Benjamin Kaduk wrote: > > On Tue, 17 Feb 2015, Giuseppe Mazza wrote: > > > client% head -20 /etc/krb5.conf > [appdefaults] > # [dwm] necessary for DOC.IC.AC.UK > allow_weak_crypto=true > > [libdefaults] > default_realm = DOC.IC.AC.UK > > # The following krb5.conf variables are only for MIT Kerberos. > krb4_config = /etc/krb.conf > krb4_realms = /etc/krb.realms > kdc_timesync = 1 > ccache_type = 4 > forwardable = true > proxiable = true > > # [dwm] necessary for DOC.IC.AC.UK > allow_weak_crypto=true > > # The following encryption type specification will be used by MIT Kerberos > # if uncommented. In general, the defaults in the MIT Kerberos code are
Are any of the encryption type specifications in the following lines of the file uncommented? I don't think we've heard any other reports of this sort of issue with ksu, and I don't think that its code does anything special that would fail to respect allow_weak_crypto, so I am rather puzzled at the behavior you are seeing. Also, you say you are upgrading to Ubuntu 14.04 with krb5 1.12+dfsg-2ubuntu5.1, but what version were you upgrading from? The krb5 1.10+dfsg~beta1-2ubuntu0.6 in Ubuntu 12.04? -Ben ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
