[OpenAFS] Force crypto type
Davis, Adam
adam.davis@imperial.ac.uk
Wed, 24 Aug 2005 16:26:14 +0100
>From what I read with Win-2003 SP1 KDC you can force the encryption type
to be something that AFS can use. i.e cbc-crc cbc-md5
I have tried all the following without success in krb5.conf
default_tkt_enctypes =3D des-cbc-crc,des-cbc-md5
default_tgs_enctypes =3D des-cbc-crc,des-cbc-md5
default_etypes =3D des-cbc-crc,des-cbc-md5
default_etypes_des =3D des-cbc-crc,des-cbc-md5
permitted_enctypes =3Ddes-cbc-crc des-cbc-md5 des-cbc-crc
I can force the skey part of the Etype to be CRC by the looks of it but
I still end up with ArcFour MD5 in the second part.
-bash-2.05b# klist -e -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user1@IC.AC.UK
=20
Valid starting Expires Service principal
08/24/05 13:15:23 08/24/05 23:15:23 krbtgt/IC.AC.UK@IC.AC.UK
Flags: IA, Etype (skey, tkt): DES cbc mode with CRC-32, ArcFour
with HMAC/md5=20
08/24/05 13:16:11 08/24/05 23:15:23 afs/ic.ac.uk@IC.AC.UK
Flags: A, Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc
mode with RSA-MD5
=20
Am I missing something here ? I am guessing that this is not working
because of the encryption type and not something else I am doing wrong=20
Regards
Adam....