On Aug 26, 2011, at 9:26, I wrote:
I think I solved the problem, but am out of the office today to fully test it. It involved setting the default realm and adding some encryption types to the /etc/krb5.conf file. What I still don't understand is what has changed in CentOS 6 that causes a kickstarted system not to be able to authenticate users whereas a CentOS 5 system can. I need to do a few more installs to track down the root cause, and then I'll post an update here.
I needed the following lines in the [libdefaults] section of the /etc/krb5.conf to let users authenticate against our Windows AD backend:
    default_tkt_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1
    default_tgs_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1
    permitted_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1
whereas in CentOS 5 I only needed the following:
    default_tkt_enctypes = des-cbc-md5
    default_tgs_enctypes = des-cbc-md5
I think I only needed to add the first encryption type to get it to work, but I left them all in for now. I hope this helps someone else in the future if they run into something similar.
Alfred
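
Added example, not part of the original message: a small audit of the enctype lists in [libdefaults], showing which entries are single DES (filtered out by default in MIT krb5 1.8 and later unless allow_weak_crypto is set) and which are deprecated by RFC 8429. The function names and status labels are hypothetical, and the sample is constructed from the lines quoted above plus a placeholder realm.

```python
import re

# Constructed sample: the [libdefaults] lines from the post plus a placeholder realm.
SAMPLE = """\
[libdefaults]
 default_realm = EXAMPLE.COM
 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1
 default_tgs_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1
 permitted_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1
"""

# Single DES is deprecated by RFC 6649; 3DES and RC4 by RFC 8429.
SINGLE_DES = {"des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
DEPRECATED = {"des3", "des3-cbc-sha1", "des3-hmac-sha1", "des3-cbc-sha1-kd",
              "rc4", "rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")
YES = {"y", "yes", "t", "true", "1", "on"}

def libdefaults(text):
    """Return the key/value pairs found in the [libdefaults] section."""
    section, out = None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1)
        elif section == "libdefaults" and "=" in line and not line.startswith(("#", ";")):
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def audit(text):
    """Map each enctype setting to a list of (enctype, status) pairs."""
    conf = libdefaults(text)
    weak_ok = conf.get("allow_weak_crypto", "false").lower() in YES
    report = {}
    for key in ENCTYPE_KEYS:
        rows = []
        for enc in conf.get(key, "").replace(",", " ").split():
            if enc.lower() in SINGLE_DES:
                # Without allow_weak_crypto the library drops these entries.
                status = "weak" if weak_ok else "weak-ignored"
            else:
                status = "deprecated" if enc.lower() in DEPRECATED else "other"
            rows.append((enc, status))
        report[key] = rows
    return report

if __name__ == "__main__":
    for key, rows in audit(SAMPLE).items():
        print(key, rows)
```

A list whose every entry comes back as "weak-ignored", such as one containing only des-cbc-md5, leaves the client with no usable encryption type for that setting.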