[Condor-users] Kerberos and condor - a note on encryption types



Hi,
	Just a note for the next person who might run into this:  Condor
6.6.7 (and presumably earlier) does not like the "ArcFour with HMAC/md5"
key encryption type - if you have a /etc/krb5.keytab file that contains
a key using that encryption type, then you might see the messages:

    Trying to get credential
    AUTH_ERROR: Bad encryption type

in the logs, or when running condor_status -debug (I have
ALL_DEBUG=D_SECURITY on as well, which I believe might be necessary to
see this message).

I ran into this while setting up and running the latest MIT Kerberos
(1.3.6) on Fedora Core 3.  The default kdc.conf file had a
supported_enctypes value which included arc4-hmac:normal.  Removing that
and regenerating the keytab file (or just editing the keytab file
directly using ktutil or equiv) fixed the problem.

I guess that the version of Kerberos that Condor embeds doesn't support
arc4 encryption, although it seems odd that it doesn't ignore it and try
the other keys in the keytab file.

Hope this helps someone, somewhere, someday,

Craig Miskell,
Technical Support,
AgResearch Invermay
03 489-9279
"Orcs killed: none. Disappointing. Stubble update: I look rugged and
manly. Yes! Keep wanting to drop-kick Gimli. Holding myself back. Still
not King."
	- the very secret diary of Aragorn son of Arathorn
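The keytab check described in the message above, as an added example that is not part of the original post or of Condor: a parser for the MIT keytab file format (version 0x0502) that lists each key's encryption type and picks out arcfour-hmac (enctype 23). The sample keytab, its principal and the function names are constructed for illustration.

```python
import struct

# Kerberos enctype numbers; 23 is "ArcFour with HMAC/md5" (arcfour-hmac).
ENCTYPES = {16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac"}

def _counted(data, p):  # uint16 length + that many bytes -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from keytab bytes, file format 0x0502."""
    if data[:2] != b"\x05\x02":
        raise ValueError("expected keytab format version 0x0502")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:  # negative size marks a deleted slot; skip over it
            pos -= size
            continue
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        parts = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            parts.append(comp.decode())
        kvno, etype = struct.unpack_from(">BH", data, p + 8)  # after name type, timestamp
        _key, p = _counted(data, p + 11)
        if pos + size - p >= 4:  # optional trailing 32-bit kvno overrides if nonzero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(parts) + "@" + realm.decode(), kvno, etype))
        pos += size
    return entries

def rejected_keys(entries, bad=frozenset({23})):
    """Keys whose enctype is in `bad`, as (principal, kvno, enctype name)."""
    return [(pr, kv, ENCTYPES.get(e, str(e))) for pr, kv, e in entries if e in bad]

def _sample_entry(realm, host, kvno, etype, key):  # builds one constructed entry
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + s(realm) + s(b"host") + s(host)
            + struct.pack(">IIBH", 1, 0, kvno, etype) + s(key))
    return struct.pack(">i", len(body)) + body
# Constructed sample keytab: one principal holding a des3 key and an arcfour-hmac key.
SAMPLE = b"\x05\x02" + b"".join(_sample_entry(b"EXAMPLE.ORG", b"node1.example.org", 3, e, bytes(n))
                                for e, n in ((16, 24), (23, 16)))
```

On a real host the input would be the bytes of /etc/krb5.keytab, and any key that rejected_keys returns is one to remove before Condor reads the file.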