DES is completely disabled in 2.2 servers. We need a way to be able to generate DES keys at least for older NFS clients and servers.
I tried adding allow_weak_crypto = yes to libdefaults of the IPA server krb5.conf and adding support for the enc type but was still unable to use ipa-getkeytab from a RHEL-5 client.
I added this to LDAP:
dn: cn=$REALM,cn=kerberos,dc=greyoak,dc=com krbSupportedEncSaltTypes: des-cbc-crc:normal krbSupportedEncSaltTypes: des-cbc-crc:special krbDefaultEncSaltTypes: des-cbc-crc:special
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=800542
Added step #6 here: http://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/kerb-nfs.html
Rename component.
Metadata Update from @rcritten: - Issue assigned to elladeon - Issue set to the milestone: FreeIPA 2.2.0 Documentation
Login to comment on this ticket.