Sorry for the overly technical post, but I just wasted a half hour googling for something, and wanted to save others who log into FNAL some time.
Ubuntu 10.4 was just released last Thursday, and I know I’m not the only person at FNAL who’s using it on a personal machine, since I just got an email from a colleague of mine asking for help with the same problem I was having. If you try to get a kerberos ticket using the krb5.conf file given by FNAL computing division, you’re greeted with the error message:
kinit: No supported encryption types (config file error?) while getting initial credentials
This is because FNAL’s kerberos servers only uses single-DES encryption, which is considered “weak” by kerberos version 1.8.1 and up. It’s disabled implicitly by default. To work around this, open your /etc/krb5.conf
file, and look for the section headed by the tag [libdefaults]
. Add the line
allow_weak_crypto = true
And it should work like it did with older versions of krb5.