• John
  • Felde
  • University of Maryland
  • USA

Latest Posts

  • USLHC
  • USLHC
  • USA

  • James
  • Doherty
  • Open University
  • United Kingdom

Latest Posts

  • Andrea
  • Signori
  • Nikhef
  • Netherlands

Latest Posts

  • CERN
  • Geneva
  • Switzerland

Latest Posts

  • Aidan
  • Randle-Conde
  • Université Libre de Bruxelles
  • Belgium

Latest Posts

  • TRIUMF
  • Vancouver, BC
  • Canada

Latest Posts

  • Laura
  • Gladstone
  • MIT
  • USA

Latest Posts

  • Steven
  • Goldfarb
  • University of Michigan

Latest Posts

  • Fermilab
  • Batavia, IL
  • USA

Latest Posts

  • Seth
  • Zenz
  • Imperial College London
  • UK

Latest Posts

  • Nhan
  • Tran
  • Fermilab
  • USA

Latest Posts

  • Alex
  • Millar
  • University of Melbourne
  • Australia

Latest Posts

  • Ken
  • Bloom
  • USLHC
  • USA

Latest Posts

Homer Wolfe | The Ohio State University | USA

View Blog | Read Bio

Kerberos at FNAL with Ubuntu 10.4 Lucid Lynx

Sorry for the overly technical post, but I just wasted a half hour googling for something, and wanted to save others who log into FNAL some time.

Ubuntu 10.4 was just released last Thursday, and I know I’m not the only person at FNAL who’s using it on a personal machine, since I just got an email from a colleague of mine asking for help with the same problem I was having. If you try to get a kerberos ticket using the krb5.conf file given by FNAL computing division, you’re greeted with the error message:

kinit: No supported encryption types (config file error?) while getting initial credentials

This is because FNAL’s kerberos servers only uses single-DES encryption, which is considered “weak” by kerberos version 1.8.1 and up. It’s disabled implicitly by default. To work around this, open your /etc/krb5.conf file, and look for the section headed by the tag [libdefaults]. Add the line

allow_weak_crypto = true

And it should work like it did with older versions of krb5.

Share