Kerberos problem with -current
Martin Laabs
mailinglists at martinlaabs.de
Wed Sep 11 15:43:34 UTC 2013
Hi,
I set up a kerberos server on a raspberry platform. To prove
that all is working I enabled the telnetd to use kerberos auth.
When trying to connect to the localhost or the ip assigned (so just use the
-current telnet with the -current telnetd and the -current kerberos server)
to the network interface I get the following error:
Trying 192.168.1.221...
Connected to raspberry.martinlaabs.de.
Escape character is '^]'.
[ Trying mutual KERBEROS5 (host/raspberry.martinlaabs.de at MARTINLAABS.DE)... ]
Kerberos V5: mk_req failed (encryption type des-cbc-crc is disabled)
[ Trying KERBEROS5 (host/raspberry.martinlaabs.de at MARTINLAABS.DE)... ]
Kerberos V5: mk_req failed (encryption type des-cbc-crc is disabled)
This is very strange because there are no des-cbc-crc keys at all and
I wonder why telnetd is asking for that deprecated key type. When enabling
the weak crypto option in krb5.conf the error message changes but the main
problem of the des-cbc-crc key remains:
Trying 192.168.1.231...
Connected to raspberry.martinlaabs.de.
Escape character is '^]'.
[ Trying mutual KERBEROS5 (host/raspberry.martinlaabs.de at MARTINLAABS.DE)... ]
Kerberos V5: mk_req failed (KDC has no support for encryption type)
[ Trying KERBEROS5 (host/raspberry.martinlaabs.de at MARTINLAABS.DE)... ]
Kerberos V5: mk_req failed (KDC has no support for encryption type)
So why does telnet or telnetd wants to use the des-cbc-crc key type and not
some recent and secure key types?
Thank you,
Martin Laabs
More information about the freebsd-net
mailing list