Re: [bug-inetutils] Present libshishi support.

[Simon Josefsson]

Simon Josefsson <address@hidden> writes:

> I suspect the problem is that MIT/Heimdal is somehow expecting/requiring
> that DES keys are available, which I haven't added.  I don't understand
> why MIT/Heimdal doesn't use AES for everything except a DES sub-session
> key.  I'll see if adding DES keys for the krbtgt and/or host and/or user
> will help.

Interestingly, the MIT telnet client is not trying to get any host keys.
Thus it must be failing as soon as it sees a AES ticket for the user, or
perhaps more likely, it fails as soon as it doesn't see a DES ticket.
I'm able to get a DES3 ticket using kinit (although telnet fails the
same way as with an AES key), but I'm not able to get a DES ticket using
kinit, error message is:

address@hidden:~$ kinit address@hidden
kinit: No supported encryption types (config file error?) while getting initial 
credentials
address@hidden:~$ 

There is no traffic to the KDC here.  Most likely, I have misunderstood
the MIT configuration file here.  I'm adding these to /etc/krb5.conf:

        default_tgs_enctypes = des-cbc-md5
        default_tkt_enctypes = des-cbc-md5
        permitted_enctypes = des-cbc-md5

Setting up a MIT/Heimdal telnetd may reveal some more details.

/Simon