Red Hat Bugzilla – Bug 32477
kinit fails when using keytab
Last modified: 2007-03-26 23:42:37 EDT
$ kadmin -r TEST.ME -p admin/admin@TEST.ME Authenticating as principal admin/admin@TEST.ME with password. Enter password: kadmin: ktadd -k sopwith.keytab sopwith@TEST.ME Entry for principal sopwith@TEST.ME with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:sopwith.keytab Entry for principal sopwith@TEST.ME with kvno 3, encryption type Triple DES cbc mode raw added to keytab WRFILE:sopwith.keytab kadmin: quit $ kinit -k host/ath.test.me@TEST.ME kinit(v5): Bad encryption type while getting initial credentials -------------------- While possibly caused by operator error, the instructions available seem to indicate that this should work. Using kinit on this same principal with the password instead of the keytab file works fine. This happens on both Alpha and x86 archs - the alpha is using krb5-*-1.2.2-3, the x86 krb5-*-1.2.1-8.
This is a partially-implemented feature. Currently, kinit using a keytab only works for DES, not 3DES. To extract just a DES key, use the "ktadd -e des <principal>" syntax in kadmin. I expect this will be fixed in a future release of Kerberos 5.