Comment 4 for bug 567188
Revision history for this message
| jean-yves chateaux (jean-yves-chateaux) wrote | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
The errors are the results of MIT resolution to exclude DES/DES3 from the supported enctypes (security reasons).
The parameter "allow_weak_crypto = true" should be added in the default [libdefaults] section of /etc/krb5.conf.
Adding this parameter solved the errors of the original bug report but leads to a new one: likewise+krb5 cannot get the authenticated user groups correctly from the ADS when trying to browse samba shares using tickets.
It looks like a bug in krb5 when using "allow_weak_crypto = true" in the des/des3 "old school" support.
This support is _not_ like the previous des/des3 krb version support.
MIT isn't really in "verbose mode" about the code they modified to make this partial support ""good enough"".