From root@ca.lcs.mit.edu Sun Oct 31 16:09:45 1999
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id QAA11695 for <bugs@RT-11.MIT.EDU>; Sun, 31 Oct 1999 16:09:45 -0500
Received: from khavrinen.lcs.mit.edu by MIT.EDU with SMTP
id AA13779; Sun, 31 Oct 99 16:10:02 EST
Received: from ca.lcs.mit.edu (ca.lcs.mit.edu [18.24.10.177])
by khavrinen.lcs.mit.edu (8.9.3/8.9.3) with ESMTP id QAA39158
for <krb5-bugs@mit.edu>; Sun, 31 Oct 1999 16:09:42 -0500 (EST)
(envelope-from root@ca.lcs.mit.edu)
Received: (from root@localhost)
by ca.lcs.mit.edu (8.9.3/8.9.3) id QAA00522;
Sun, 31 Oct 1999 16:09:42 -0500 (EST)
(envelope-from root@ca.lcs.mit.edu)
Message-Id: <199910312109.QAA00522@ca.lcs.mit.edu>
Date: Sun, 31 Oct 1999 16:09:42 -0500 (EST)
From: wollman@lcs.mit.edu
Reply-To: wollman@lcs.mit.edu
To: krb5-bugs@MIT.EDU
Subject: krb5_util load_v4 creates bad krbtgt principal
X-Send-Pr-Version: 3.99
System: FreeBSD ca.lcs.mit.edu 4.0-CURRENT FreeBSD 4.0-CURRENT #4: Wed Jul 14 16:57:46 EDT 1999 root@ca.lcs.mit.edu:/usr/src/sys/compile/CA i386
features appear to work fine, but when I attempted to use a v5
application (e.g., ssh), I found that the KDC would not accept
its own TGTs, complaining of a `bad encrpytion type'. Groveling
around in the source for a few minutes did not help explain
the problem, but it did find me a workaround.
kdc# kdb5_util destroy
kdc# kdb5_util load_v4 database-dump-from-v4-kdc
host1$ ssh -v -o 'KerberosAuthentication=YES' host2
host1: Kerberos V5: failure on credentials(Generic error (see e-text)).
kdc# tail /var/log/auth.log
krb5kdc[372]: TGS_REQ 18.24.4.193(750): PROCESS_TGS: authtime 0, <unknown client> for krbtgt/LCS.MIT.EDU@LCS.MIT.EDU, Bad encryption type
kadmin: modprinc -support_desmd5 krbtgt/LCS.MIT.EDU@LCS.MIT.EDU
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id QAA11695 for <bugs@RT-11.MIT.EDU>; Sun, 31 Oct 1999 16:09:45 -0500
Received: from khavrinen.lcs.mit.edu by MIT.EDU with SMTP
id AA13779; Sun, 31 Oct 99 16:10:02 EST
Received: from ca.lcs.mit.edu (ca.lcs.mit.edu [18.24.10.177])
by khavrinen.lcs.mit.edu (8.9.3/8.9.3) with ESMTP id QAA39158
for <krb5-bugs@mit.edu>; Sun, 31 Oct 1999 16:09:42 -0500 (EST)
(envelope-from root@ca.lcs.mit.edu)
Received: (from root@localhost)
by ca.lcs.mit.edu (8.9.3/8.9.3) id QAA00522;
Sun, 31 Oct 1999 16:09:42 -0500 (EST)
(envelope-from root@ca.lcs.mit.edu)
Message-Id: <199910312109.QAA00522@ca.lcs.mit.edu>
Date: Sun, 31 Oct 1999 16:09:42 -0500 (EST)
From: wollman@lcs.mit.edu
Reply-To: wollman@lcs.mit.edu
To: krb5-bugs@MIT.EDU
Subject: krb5_util load_v4 creates bad krbtgt principal
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 782
>Category: krb5-kdc
>Synopsis: krb5_util load_v4 creates bad krbtgt principal
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sun Oct 31 16:10:01 EST 1999
>Last-Modified:
>Originator: Garrett A. Wollman
>Organization:
MIT Laboratory for Computer Science>Category: krb5-kdc
>Synopsis: krb5_util load_v4 creates bad krbtgt principal
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sun Oct 31 16:10:01 EST 1999
>Last-Modified:
>Originator: Garrett A. Wollman
>Organization:
Show quoted text
>Release: krb5-1.1
>Environment:
>Environment:
System: FreeBSD ca.lcs.mit.edu 4.0-CURRENT FreeBSD 4.0-CURRENT #4: Wed Jul 14 16:57:46 EDT 1999 root@ca.lcs.mit.edu:/usr/src/sys/compile/CA i386
Show quoted text
>Description:
I just moved over our KDC from v4 to v5. All of the v4-compatibilityfeatures appear to work fine, but when I attempted to use a v5
application (e.g., ssh), I found that the KDC would not accept
its own TGTs, complaining of a `bad encrpytion type'. Groveling
around in the source for a few minutes did not help explain
the problem, but it did find me a workaround.
Show quoted text
>How-To-Repeat:
kdc# kdb5_util createkdc# kdb5_util destroy
kdc# kdb5_util load_v4 database-dump-from-v4-kdc
host1$ ssh -v -o 'KerberosAuthentication=YES' host2
host1: Kerberos V5: failure on credentials(Generic error (see e-text)).
kdc# tail /var/log/auth.log
krb5kdc[372]: TGS_REQ 18.24.4.193(750): PROCESS_TGS: authtime 0, <unknown client> for krbtgt/LCS.MIT.EDU@LCS.MIT.EDU, Bad encryption type
Show quoted text
>Fix:
work-around:kadmin: modprinc -support_desmd5 krbtgt/LCS.MIT.EDU@LCS.MIT.EDU
Show quoted text
>Audit-Trail:
>Unformatted:
>Unformatted: