jean-yves chateaux <jean-yves.chate...@sagemcom.com> writes: > The errors are the results of MIT resolution to exclude DES/DES3 from the supported enctypes (security reasons).
DES3 was not marked as "weak". Neither was rc4-hmac (enctype 23). The "export-grade" rc4-hmac-exp is enctype 24 and was marked as weak, but that doesn't explain the "KRB5KDC_ERR_ETYPE_NOSUPP" when requesting rc4-hmac (23). > The parameter "allow_weak_crypto = true" should be added in the default [libdefaults] section of /etc/krb5.conf. > Adding this parameter solved the errors of the original bug report but leads to a new one: likewise+krb5 cannot get the authenticated user groups correctly from the ADS when trying to browse samba shares using tickets. The user groups problem probably has nothing to do with disabling weak crypto. I think more information is needed. In particular, what package versions for the krb5 packages are in each configuration? -- krb5 and ADS error using 10.04, not 9.04 https://bugs.launchpad.net/bugs/567188 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
