search for: s4dom

Hi Trever, things improved after resetting user/machine passwords, however only the session key is using aes256 now, the ticket itself is still arcfour: root at ubuntu1:~# kinit user09999 user09999 at S4DOM.TEST's Password: root at ubuntu1:~# klist -v Credentials cache: FILE:/tmp/krb5cc_0 Principal: user09999 at S4DOM.TEST Cache version: 4 Server: krbtgt/S4DOM.TEST at S4DOM.TEST Client: user09999 at S4DOM.TEST Ticket etype: arcfour-hmac-md5, kvno 1 Session key: aes256-cts-hmac-sha1-9...

Hi, I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“: # kinit testuser1 testuser1 at S4DOM.TEST's Password: # klist -v Credentials cache: FILE:/tmp/krb5cc_0 Ticket etype: arcfour-hmac-md5, kvno 1 I can create keytabs containing aes128/aes256 keys (besides the arcfour ones), but if I’m trying to use them (e.g. for NFS client/server) the ccache files only report usage of ?arcfour...

On 08/19/2015 12:02 AM, Ritter, Marcel (RRZE) wrote: > Hi Trever, > > things improved after resetting user/machine passwords, however only the session key is using aes256 now, the ticket itself is still arcfour: > > root at ubuntu1:~# kinit user09999 > user09999 at S4DOM.TEST's Password: > root at ubuntu1:~# klist -v > Credentials cache: FILE:/tmp/krb5cc_0 > Principal: user09999 at S4DOM.TEST > Cache version: 4 > > Server: krbtgt/S4DOM.TEST at S4DOM.TEST > Client: user09999 at S4DOM.TEST > Ticket etype: arcfour-hmac-md5, kvn...

...Ritter, Marcel (RRZE) wrote: > Hi, > > I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“: > > # kinit testuser1 > testuser1 at S4DOM.TEST's Password: > > # klist -v > Credentials cache: FILE:/tmp/krb5cc_0 > Ticket etype: arcfour-hmac-md5, kvno 1 > > I can create keytabs containing aes128/aes256 keys (besides the arcfour ones), but if I’m trying to use them (e.g. for NFS client/server) the ccache files o...