How is ktadd *supposed* to figure out which enctype(s) to use?

I am seeing an issue where kadmin’s ktadd, if left to its own devices, will 
generate a key with an encryption type that has nothing to do with the KDC’s 
supported_enctype list and ktadd seems to completely ignore the local client’s 
default/permitted enctype settings.

KDC supports: des3-cbc-sha1 des-cbc-crc (I know, I know)
 
Client’s krb5.conf tells it to support: des-cbc-crc (I know, I know) 

But when we run ktadd the resulting keytab’s key has des-cbc-md5

The client is an Oracle Linux with 1.6.1 krb5 client software.

Also, the KDC is using Sun Solaris 10 Kerberos software (not MIT).

Thanks for any insight!

jd 


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
