[OpenAFS] Re: AFS + CrossRealm + FreeIPA + Migration
Andrew Deason
adeason@sinenomine.net
Fri, 7 Nov 2014 10:37:08 -0600
On Fri, 07 Nov 2014 16:05:11 +0100
Andreas Ladanyi <andreas.ladanyi@kit.edu> wrote:
> sorry i didnt told that. In FreeIPA you must enable the DES salttype. I
> enabled the des-cbc-crc:normal and des-cbc-crc:v4.
I'm not too familiar with FreeIPA, but usually you need to enable "weak
enctypes" separately from enabling DES specifically. That is, you need
to turn on those specific enctypes (for the principal, and possibly for
the whole KDC), but you also need to enable "weak crypto" in krb5.conf
like Brandon mentioned.
Or maybe what you did for this was correct, and something else is the
problem. I'm sending some other things to try out in a moment.
--
Andrew Deason
adeason@sinenomine.net