Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

Testing RedHat6/CentOS6 krb5.conf compatible enctypes - httpd: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credential cache is empty)

Russ Allbery eagle at windlord.stanford.edu
Mon Sep 26 10:45:13 PDT 2011


Fletcher Cocquyt <fcocquyt at stanford.edu> writes:

> Russ thanks for all the great info -

> from my reading of your reply you recommend simply removing the

>>>  default_tkt_enctypes =
>>>  default_tgs_enctypes =

> Lines and allowing negotiation of encryption types.

Correct.

> I'm testing this now and it seems to work fine for CentOS5 and CentOS6
> distros (tested ssh and webauth)

> Q: What's the best way to determine the enctype that ends up being
> negotiated?

klist -e /path/to/ticket/cache will show the contents of a Kerberos ticket
cache including the encryption types.  There will be two encryption types
listed for each ticket, but generally they'll be the same.  I forget the
exact difference, but the first one is the one that's the most important.

-- 
Russ Allbery <eagle at windlord.stanford.edu>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University



More information about the webauth-info mailing list