Date: Wed, 11 Sep 2013 17:43:08 +0200 From: Martin Laabs <mailinglists@martinlaabs.de> To: freebsd-net@freebsd.org Subject: Kerberos problem with -current Message-ID: <52308F8C.3010804@martinlaabs.de>
next in thread | raw e-mail | index | archive | help
Hi, I set up a kerberos server on a raspberry platform. To prove that all is working I enabled the telnetd to use kerberos auth. When trying to connect to the localhost or the ip assigned (so just use the -current telnet with the -current telnetd and the -current kerberos server) to the network interface I get the following error: Trying 192.168.1.221... Connected to raspberry.martinlaabs.de. Escape character is '^]'. [ Trying mutual KERBEROS5 (host/raspberry.martinlaabs.de@MARTINLAABS.DE)... ] Kerberos V5: mk_req failed (encryption type des-cbc-crc is disabled) [ Trying KERBEROS5 (host/raspberry.martinlaabs.de@MARTINLAABS.DE)... ] Kerberos V5: mk_req failed (encryption type des-cbc-crc is disabled) This is very strange because there are no des-cbc-crc keys at all and I wonder why telnetd is asking for that deprecated key type. When enabling the weak crypto option in krb5.conf the error message changes but the main problem of the des-cbc-crc key remains: Trying 192.168.1.231... Connected to raspberry.martinlaabs.de. Escape character is '^]'. [ Trying mutual KERBEROS5 (host/raspberry.martinlaabs.de@MARTINLAABS.DE)... ] Kerberos V5: mk_req failed (KDC has no support for encryption type) [ Trying KERBEROS5 (host/raspberry.martinlaabs.de@MARTINLAABS.DE)... ] Kerberos V5: mk_req failed (KDC has no support for encryption type) So why does telnet or telnetd wants to use the des-cbc-crc key type and not some recent and secure key types? Thank you, Martin Laabs
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52308F8C.3010804>