## View Blog | Read Bio

### Kerberos at FNAL with Ubuntu 10.4 Lucid Lynx

Sorry for the overly technical post, but I just wasted a half hour googling for something, and wanted to save others who log into FNAL some time.

Ubuntu 10.4 was just released last Thursday, and I know I’m not the only person at FNAL who’s using it on a personal machine, since I just got an email from a colleague of mine asking for help with the same problem I was having. If you try to get a kerberos ticket using the krb5.conf file given by FNAL computing division, you’re greeted with the error message:

kinit: No supported encryption types (config file error?) while getting initial credentials

This is because FNAL’s kerberos servers only uses single-DES encryption, which is considered “weak” by kerberos version 1.8.1 and up. It’s disabled implicitly by default. To work around this, open your /etc/krb5.conf file, and look for the section headed by the tag [libdefaults]. Add the line

allow_weak_crypto = true

And it should work like it did with older versions of krb5.