Kerberos generating arcfour-hmac-md5 with osx 10.8 and heimdal
I'm trying to kerberize a samba3 on a linux to my OD server (on a 10.8.5).
There is not much documentation for heimdal but I think I nailed down my problem to the following:
when I add a principal to my KDC server, I see:
> ktutil list
1 aes256-cts-hmac-sha1-96 cifs/linuxhost@realm
1 des3-cbc-sha1 cifs/linuxhost@realm
But samba3 requires arcfour-hmac-md5 encryption and when I do
> ktutil get -p admin -e arcfour-hmac-md5 cifs/linuxhost@realm
I got no error message but nothing is added to the principals list :(
I also tried to modify /etc/krb5.conf to add something like:
default_etypes = arcfour-hmac-md5
but doing this gives me an error message stating:
ktutil: kadm5_create_principal(cifs/linuxhost): KDC has no support for encryption type
Can someone confirm that arcfour-hmac-md5 key cannot be generated with the heimdal that is shipped with 10.8.5 ? (I've seen quite some examples with 10.6 and even 10.7 exporting this enctype so it must have been removed from 10.8.5 or am I missing something?).