Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

Testing RedHat6/CentOS6 krb5.conf compatible enctypes - httpd: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credential cache is empty)

Russ Allbery eagle at
Mon Sep 26 10:45:13 PDT 2011

Fletcher Cocquyt <fcocquyt at> writes:

> Russ thanks for all the great info -

> from my reading of your reply you recommend simply removing the

>>>  default_tkt_enctypes =
>>>  default_tgs_enctypes =

> Lines and allowing negotiation of encryption types.


> I'm testing this now and it seems to work fine for CentOS5 and CentOS6
> distros (tested ssh and webauth)

> Q: What's the best way to determine the enctype that ends up being
> negotiated?

klist -e /path/to/ticket/cache will show the contents of a Kerberos ticket
cache including the encryption types.  There will be two encryption types
listed for each ticket, but generally they'll be the same.  I forget the
exact difference, but the first one is the one that's the most important.

Russ Allbery <eagle at>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University

More information about the webauth-info mailing list