winbind default encryption type for kerberos / RE: [Samba] Urgent... winbind and keytab file creation

Gerald (Jerry) Carter jerry at samba.org
Wed Apr 2 13:10:29 GMT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oliver Weinmann wrote:
| Yes the "net ads keytab create" created the keytab file now. But in
the logs i can see that the encryption type used is not good:
|
|  Apr  2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: error reading keys
for host/rhel4wbtest2.vegagroup.net from /etc/krb5/krb5.keytab: Bad
encryption type
| Apr  2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: authentication
fails for `tuser'

You probably need the single DES keys here.  Run ktutil
and list -e to make sure you have the right enctypes in the
keytab file.

| does winbind by default use: rc4-hmac?

In newer versions, Yes.

ut why use pam_krb5 at all ?  Why not simply use pam_winbind?



jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH84XFIR7qMdg1EfYRAjdFAKCHNeKcXSErQ2D1dKLwyLjKPG2ZhACfQv0c
MEqiTLo9diBsElEYBIybG9o=
=3kjk
-----END PGP SIGNATURE-----


More information about the samba mailing list