Kerberos generating arcfour-hmac-md5 with osx 10.8 and heimdal

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Kerberos generating arcfour-hmac-md5 with osx 10.8 and heimdal

Jérémie
Hi all,

I'm trying to kerberize a samba3 on a linux to my OD server (on a 10.8.5).

There is not much documentation for heimdal but I think I nailed down my problem to the following:
when I add a principal to my KDC server, I see:
> ktutil list
...
  1  aes256-cts-hmac-sha1-96  cifs/linuxhost@realm
  1  des3-cbc-sha1            cifs/linuxhost@realm
...

But samba3 requires arcfour-hmac-md5 encryption and when I do
> ktutil get -p admin -e arcfour-hmac-md5 cifs/linuxhost@realm
I got no error message but nothing is added to the principals list :(

I also tried to modify /etc/krb5.conf to add something like:
[libdefaults]
   default_etypes =  arcfour-hmac-md5
but doing this gives me an error message stating:
ktutil: kadm5_create_principal(cifs/linuxhost): KDC has no support for encryption type

Can someone confirm that  arcfour-hmac-md5 key cannot be generated with the heimdal that is shipped with 10.8.5 ? (I've seen quite some examples with 10.6 and even 10.7 exporting this enctype so it must have been removed from 10.8.5 or am I missing something?).

Many thanks for any clue
Cheers