[Bug 567188] Re: krb5 and ADS error using 10.04, not 9.04
jean-yves chateaux
jean-yves.chateaux at sagemcom.com
Mon Apr 26 15:32:34 BST 2010
The errors are the results of MIT resolution to exclude DES/DES3 from the supported enctypes (security reasons).
The parameter "allow_weak_crypto = true" should be added in the default [libdefaults] section of /etc/krb5.conf.
Adding this parameter solved the errors of the original bug report but leads to a new one: likewise+krb5 cannot get the authenticated user groups correctly from the ADS when trying to browse samba shares using tickets.
It looks like a bug in krb5 when using "allow_weak_crypto = true" in the des/des3 "old school" support.
This support is _not_ like the previous des/des3 krb version support.
MIT isn't really in "verbose mode" about the code they modified to make this partial support ""good enough"".
--
krb5 and ADS error using 10.04, not 9.04
https://bugs.launchpad.net/bugs/567188
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list