On Wed, Apr 06, 2016 at 07:09:16AM +0000, Ondrej Valousek wrote:
> Both commands work just fine - I am getting AES256 keys then (if I
> forbid arcfour).
> Seems to me that SSSD for some reason relies on arcfour - is this by design?

No, there is no dependency on arcfour, SSSD just uses common library
calls to libkrb5 and libldap as the two commands below.

Can you try to remove the credential cache used by SSSD with

    rm /var/lib/sss/db/ccache_*

and restart SSSD? Maybe there are still old but valid tickets in the
ccache?
HTH
bye,
Sumit
> Thanks,
> Ondrej
>
>
> -----Original Message-----
> From: Sumit Bose [mailto:sbose@redhat.com]
> Sent: Tuesday, April 05, 2016 5:27 PM
> To: sssd-users(a)lists.fedorahosted.org
> Subject: [SSSD-users] Re: Allowed Kerberos encryption types for SSSD
>
> On Tue, Apr 05, 2016 at 02:48:51PM +0000, Ondrej Valousek wrote:
> > Hi List,
> >
> > I am currently fighting to get Kerberized NFS working against clustered Netapp. Their support says that they support all enc types but arcfour-hmac.
> > When I specify default_enctypes in krb5.conf and omit arcfour-hmac enc type, sssd stops working (goes offline, can not connect).
> > Funny thing is, that kinit -k $HOSTNAME$ works just fine.
> >
> > Is SSSD picky about Kerberos encryption types or not?
>
> If you use AD on the server side arcfour might be needed.
> Does
>
> kvno LDAP/some.ad.dc@AD.DOMAIN
>
> or
>
> ldapsearch -H ldap://some.ad.dc -b '' -s base -Y GSSAPI
>
> work after kinit?
>
> bye,
> Sumit
>
> >
> > Thanks,
> > Ondrej
> >
> > -----
> >
> > The information contained in this e-mail and in any attachments is confidential
> > and is designated solely for the attention of the intended recipient(s). If you are not an
> > intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
> > any part thereof. If you have received this e-mail in error, please notify the sender by
> > return e-mail and delete all copies of this e-mail from your computer system(s). Please
> > direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
> > Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
> > South County Business Park, Leopardstown, Dublin 18.
>
> > _______________________________________________
> > sssd-users mailing list
> > sssd-users(a)lists.fedorahosted.org
> > https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
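
One way to check which enctypes the tickets in a credential cache use before removing it, as an added example that is not part of the original thread. The function names and the sample `klist -e` text (including the ccache file name and principals) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report cached tickets that use RC4.
# Function names and the sample klist text below are constructed.

# Reads `klist -e` text on stdin; prints "<service principal>: <skey>, <tkt>"
# for every ticket whose session key or ticket enctype is arcfour/RC4.
flag_arcfour_tickets() {
    awk '
        # Ticket lines are unindented and end with the service principal.
        /^[^ \t]/ && $NF ~ /@/ && $1 != "Default" { svc = $NF; next }
        # The indented line after a ticket carries its two enctypes.
        /Etype \(skey, tkt\):/ {
            sub(/^.*Etype \(skey, tkt\): */, "")
            if (tolower($0) ~ /arcfour|rc4/) print svc ": " $0
        }
    '
}

# Constructed sample of `klist -e` output for an SSSD ccache.
sample_klist_output() {
    cat <<'EOF'
Ticket cache: FILE:/var/lib/sss/db/ccache_AD.DOMAIN
Default principal: CLIENT$@AD.DOMAIN

Valid starting       Expires              Service principal
04/06/2016 07:00:00  04/06/2016 17:00:00  krbtgt/AD.DOMAIN@AD.DOMAIN
    renew until 04/13/2016 07:00:00, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
04/06/2016 07:00:05  04/06/2016 17:00:00  ldap/some.ad.dc@AD.DOMAIN
    Etype (skey, tkt): arcfour-hmac, arcfour-hmac
EOF
}

# On a real host (as root):
#   for c in /var/lib/sss/db/ccache_*; do klist -e "$c" | flag_arcfour_tickets; done
sample_klist_output | flag_arcfour_tickets
```

A ticket reported here was issued with arcfour-hmac and remains in the cache until it expires or the cache file is removed.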