[CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

John Hodrien J.H.Hodrien at leeds.ac.uk
Tue Apr 12 14:28:17 UTC 2011


On Tue, 12 Apr 2011, Alain Péan wrote:

> Sorrry, little error with the output of klit -ke, because I am testing
> on a test AD domain at this moment. On the first machine, output is :
> # klist -ke
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
>    2 host/appleton.lab-lpp.local at LAB-LPP.LOCAL (DES cbc mode with CRC-32)
>    2 host/appleton.lab-lpp.local at LAB-LPP.LOCAL (DES cbc mode with RSA-MD5)
>    2 host/appleton.lab-lpp.local at LAB-LPP.LOCAL (ArcFour with HMAC/md5)
>    2 host/appleton at LAB-LPP.LOCAL (DES cbc mode with CRC-32)
>    2 host/appleton at LAB-LPP.LOCAL (DES cbc mode with RSA-MD5)
>    2 host/appleton at LAB-LPP.LOCAL (ArcFour with HMAC/md5)
>    2 APPLETON$@LAB-LPP.LOCAL (DES cbc mode with CRC-32)
>    2 APPLETON$@LAB-LPP.LOCAL (DES cbc mode with RSA-MD5)
>    2 APPLETON$@LAB-LPP.LOCAL (ArcFour with HMAC/md5)

You're still lightly mixing machines though, as your error before referred to
'bardeen' not appleton.  I'm not certain that I've seen a complete picture
here.

I think disabling validate would still get you back to your old behaviour, but
that there's something wrong with the keytabs on these machines.

jh


More information about the CentOS mailing list