winbind default encryption type for kerberos / RE: [Samba]
Urgent... winbind and keytab file creation
Gerald (Jerry) Carter
jerry at samba.org
Wed Apr 2 13:10:29 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Oliver Weinmann wrote:
| Yes the "net ads keytab create" created the keytab file now. But in
the logs i can see that the encryption type used is not good:
|
| Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: error reading keys
for host/rhel4wbtest2.vegagroup.net from /etc/krb5/krb5.keytab: Bad
encryption type
| Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: authentication
fails for `tuser'
You probably need the single DES keys here. Run ktutil
and list -e to make sure you have the right enctypes in the
keytab file.
| does winbind by default use: rc4-hmac?
In newer versions, Yes.
ut why use pam_krb5 at all ? Why not simply use pam_winbind?
jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFH84XFIR7qMdg1EfYRAjdFAKCHNeKcXSErQ2D1dKLwyLjKPG2ZhACfQv0c
MEqiTLo9diBsElEYBIybG9o=
=3kjk
-----END PGP SIGNATURE-----
More information about the samba
mailing list