>>>>> "jean-yves" == jean-yves chateaux <jean-
yves.chate...@sagemcom.com> writes:
jean-yves> The errors are the results of MIT resolution to exclude
jean-yves> DES/DES3 from the supported enctypes (security reasons).
jean-yves> The parameter "allow_weak_crypto = true" should be added
jean-yves> in the default [libdefaults] section of /etc/krb5.conf.
That's very strange. All versions of Windows have supported rc4
(arcfour-hmac-md5 in MIT terms), and no version of Windows should
require DES to work.
If Allow_weak_crypto = true is making things work better with Windows,
something is broken somewhere else to cause this.
jean-yves> Adding this parameter solved the errors of the original
jean-yves> bug report but leads to a new one: likewise+krb5 cannot
jean-yves> get the authenticated user groups correctly from the ADS
jean-yves> when trying to browse samba shares using tickets. It
jean-yves> looks like a bug in krb5 when using "allow_weak_crypto =
jean-yves> true" in the des/des3 "old school" support. This support
jean-yves> is _not_ like the previous des/des3 krb version support.
That's very strange. There have been some changes in DES support
surrounding reorganization of libk5crypto, however at this point, I
think we have fairly high confidence in that code.
Note that allow_weak_crypto is not new in 1.8; the thing that is new in
1.8 is that the default changed from true to false.
--Sam
--
krb5 and ADS error using 10.04, not 9.04
https://bugs.launchpad.net/bugs/567188
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
