Testing RedHat6/CentOS6 krb5.conf compatible enctypes - httpd: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credential cache is empty)

Fletcher Cocquyt fcocquyt at stanford.edu
Mon Sep 19 09:33:34 PDT 2011


Hi,
We are testing CentOS6 builds and found our existing krb5.conf enctypes have
been deprecated resulting in the kerberos auth for ssh failing until we
update the krb5.conf as follows:

 # default_tkt_enctypes = des-cbc-crc # DES is deprecated in RHEL 5.6 and 6.
 # default_tgs_enctypes = des-cbc-crc # DES is deprecated in RHEL 5.6 and 6.
 default_tkt_enctypes = rc4-hmac
 default_tgs_enctypes = rc4-hmac
 permitted_enctypes = rc4-hmac

Now the question is, are these new enctypes perfectly backward compatible?
We're testing the new enctypes on CentOS/RedHat 5 and so far the only error
turning up is on our webservers:

httpd: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more
information (Credential cache is empty)

So far the webserver passes webauth, webauth ldap, kerb_auth tests...
Is there an indication from the error what issues may be expected?

thanks

-- 
Fletcher Cocquyt
Principal Engineer
Information Resources and Technology (IRT)
Stanford University School of Medicine

Email: fcocquyt at stanford.edu
Phone: (650) 724-7485
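
An added example, not part of the original post: a small Python check that reads the enctype settings from the `[libdefaults]` section of a krb5.conf and labels each entry, run over constructed samples built from the lines quoted in the message. Flagging the RC4 family is an assumption added here (RFC 8429 deprecated RC4 in Kerberos after this post was written), and the function names are hypothetical.

```python
import re

# Status groups. Single-DES names are what the post reports as deprecated in
# RHEL 5.6 and 6; the RC4 group is an added assumption (see RFC 8429).
SINGLE_DES = {"des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
RC4 = {"rc4", "rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

# Constructed samples built from the lines quoted in the post; the
# [libdefaults] header is added because the post shows only the settings.
OLD_CONF = """[libdefaults]
 default_tkt_enctypes = des-cbc-crc
 default_tgs_enctypes = des-cbc-crc
"""
NEW_CONF = """[libdefaults]
 # default_tkt_enctypes = des-cbc-crc # DES is deprecated in RHEL 5.6 and 6.
 # default_tgs_enctypes = des-cbc-crc # DES is deprecated in RHEL 5.6 and 6.
 default_tkt_enctypes = rc4-hmac
 default_tgs_enctypes = rc4-hmac
 permitted_enctypes = rc4-hmac
"""

def classify(enctype):
    """Label one enctype name (names are matched case-insensitively)."""
    name = enctype.lower()
    if name in SINGLE_DES:
        return "single-des"
    return "rc4" if name in RC4 else "other"

def audit_enctypes(conf_text):
    """Return {setting: [(enctype, status), ...]} for the [libdefaults] section."""
    section, findings = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        # Skip blank lines and whole-line comments, e.g. the commented-out DES lines.
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ENCTYPE_KEYS:
            # Enctype lists may be separated by whitespace and/or commas.
            findings[key] = [(e, classify(e)) for e in re.split(r"[\s,]+", value) if e]
    return findings

if __name__ == "__main__":
    for label, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        print(label, audit_enctypes(conf))
```
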
