On 02/07/2017 03:17 AM, Rainer Krienke wrote:
> Afterwards I am able to run kadmin.local and can e.g. list all the
> principals. However I am unable to log in using kadmin.local -m using my
> database master password which works on server A.

The default master key type changed from des3-cbc-sha1 to aes256-cts in
release 1.9. Unfortunately, we are not as friendly about the master key
enctype as we could be, due to this issue:

http://krbdev.mit.edu/rt/Ticket/Display.html?id=6641

If you configure "master_key_enctype = des3-cbc-sha1" in the [realms]
subsection for your realm in kdc.conf (or krb5.conf), I believe it
should work again (in both versions).

Alternatively, you could rotate the master key by following this procedure:

http://web.mit.edu/kerberos/krb5-latest/doc/admin/database.html?highlight=master#updating-the-master-key

I am curious why you sometimes use the typed-in master key password when
you have a stash file.
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
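
A pre-migration check for the setting discussed in the reply above, as an added example that is not part of the original message or of MIT krb5: it reads a kdc.conf and reports which realms set master_key_enctype explicitly and which rely on the release default. The realm names and sample file are constructed, the function names are hypothetical, and the parser assumes the simple one-relation-per-line layout shown.

```python
import re

# Constructed sample kdc.conf; realm names are placeholders, not from the post.
SAMPLE_KDC_CONF = """\
[kdcdefaults]
    kdc_ports = 88
[realms]
    EXAMPLE.COM = {
        master_key_enctype = des3-cbc-sha1
    }
    LEGACY.EXAMPLE = {
        max_life = 10h 0m 0s
    }
"""

def realm_master_key_enctypes(conf_text):
    """Return {realm: master_key_enctype or None} from the [realms] section."""
    result, section, realm = {}, None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:  # new top-level section such as [realms]
            section, realm = m.group(1), None
            continue
        if section != "realms":
            continue
        if realm is None:
            m = re.fullmatch(r"(\S+)\s*=\s*\{", line)
            if m:  # start of a per-realm subsection
                realm = m.group(1)
                result[realm] = None
        elif line.startswith("}"):
            realm = None
        else:
            key, _, value = line.partition("=")
            if key.strip() == "master_key_enctype":
                result[realm] = value.strip()
    return result

def realms_relying_on_default(conf_text):
    """Realms with no explicit master_key_enctype, so the release default applies."""
    return sorted(r for r, e in realm_master_key_enctypes(conf_text).items() if e is None)

if __name__ == "__main__":
    for realm, enctype in realm_master_key_enctypes(SAMPLE_KDC_CONF).items():
        print(realm, enctype or "NOT SET (release default applies)")
```

A realm reported as not set is one where a database created before release 1.9 and moved to a newer server would hit the default change described in the reply.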