Skip Menu |

Download (untitled) / with headers
text/plain 2.4KiB
From Sun Oct 31 16:09:45 1999
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU []) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id QAA11695 for <bugs@RT-11.MIT.EDU>; Sun, 31 Oct 1999 16:09:45 -0500
Received: from by MIT.EDU with SMTP
id AA13779; Sun, 31 Oct 99 16:10:02 EST
Received: from ( [])
by (8.9.3/8.9.3) with ESMTP id QAA39158
for <>; Sun, 31 Oct 1999 16:09:42 -0500 (EST)
Received: (from root@localhost)
by (8.9.3/8.9.3) id QAA00522;
Sun, 31 Oct 1999 16:09:42 -0500 (EST)
Message-Id: <>
Date: Sun, 31 Oct 1999 16:09:42 -0500 (EST)
To: krb5-bugs@MIT.EDU
Subject: krb5_util load_v4 creates bad krbtgt principal
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 782
>Category: krb5-kdc
>Synopsis: krb5_util load_v4 creates bad krbtgt principal
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sun Oct 31 16:10:01 EST 1999
>Originator: Garrett A. Wollman
MIT Laboratory for Computer Science
Show quoted text
>Release: krb5-1.1

System: FreeBSD 4.0-CURRENT FreeBSD 4.0-CURRENT #4: Wed Jul 14 16:57:46 EDT 1999 i386

Show quoted text
I just moved over our KDC from v4 to v5. All of the v4-compatibility
features appear to work fine, but when I attempted to use a v5
application (e.g., ssh), I found that the KDC would not accept
its own TGTs, complaining of a `bad encrpytion type'. Groveling
around in the source for a few minutes did not help explain
the problem, but it did find me a workaround.
Show quoted text
kdc# kdb5_util create
kdc# kdb5_util destroy
kdc# kdb5_util load_v4 database-dump-from-v4-kdc
host1$ ssh -v -o 'KerberosAuthentication=YES' host2
host1: Kerberos V5: failure on credentials(Generic error (see e-text)).
kdc# tail /var/log/auth.log
krb5kdc[372]: TGS_REQ PROCESS_TGS: authtime 0, <unknown client> for krbtgt/LCS.MIT.EDU@LCS.MIT.EDU, Bad encryption type
Show quoted text
kadmin: modprinc -support_desmd5 krbtgt/LCS.MIT.EDU@LCS.MIT.EDU

Show quoted text
Fixed in krb5-1.2.3 along with the whole single-DES enctype mess.