Univention Bugzilla – Bug 36542
Heimdal ignores default_tgs_enctypes, default_tkt_enctypes and permitted_enctypes
Last modified: 2018-08-10 17:31:01 CEST
In /etc/krb5.conf we set default_tgs_enctypes, default_tkt_enctypes and permitted_enctypes. From heimdal/lib/krb5/verify_krb5_conf.c it seems that these are ignored or at least MIT specific. The man page suggests that "default_tgs_etypes" is evaluated instead. We should check if the current settings in /etc/krb5.conf have any effect at all or if they should be removed or adjusted to current Heimdal behaviour.
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4. If this issue is still valid, please change the version to a newer UCS version; otherwise this issue will be automatically closed in the next weeks.
Fixed for Bug #46292 by setting the Heimdal-specific options (default_etypes, default_tgs_etypes and default_as_etypes) too.
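A check for the mismatch this bug describes, as an added example that is not part of the bug report or of UCS: it flags MIT-style enctype options in [libdefaults] that have no matching Heimdal option, or whose Heimdal option lists different enctypes. The pairing of MIT names to Heimdal names and the sample file are assumptions.

```python
import re

# Assumed pairing: the page names both sets of options but does not say
# which MIT-style option corresponds to which Heimdal option.
MIT_TO_HEIMDAL = {
    "default_tgs_enctypes": "default_tgs_etypes",
    "default_tkt_enctypes": "default_as_etypes",
    "permitted_enctypes": "default_etypes",
}

def parse_libdefaults(text):
    """Return {option: [enctype, ...]} for the [libdefaults] section only."""
    options, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            # enctype lists may be separated by spaces and/or commas
            options[key] = [t for t in re.split(r"[,\s]+", value) if t]
    return options

def audit(text):
    """Report MIT-style options whose Heimdal twin is missing or differs."""
    opts, findings = parse_libdefaults(text), []
    for mit, heimdal in MIT_TO_HEIMDAL.items():
        if mit not in opts:
            continue
        if heimdal not in opts:
            findings.append(f"{mit} is set but {heimdal} is missing")
        elif opts[heimdal] != opts[mit]:  # order is preference, so compare as lists
            findings.append(f"{mit} and {heimdal} list different enctypes")
    return findings

# Constructed sample for illustration, not the file UCS ships.
SAMPLE = """\
[libdefaults]
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
    default_tgs_etypes = aes256-cts-hmac-sha1-96
    default_tkt_enctypes = aes256-cts-hmac-sha1-96
    permitted_enctypes = aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96
    default_etypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```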
FAIL - changelog?
OK - 4.3 master + 4.2 s4 backup works
OK - correct enctype options in 4.3
aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4, des3-cbc-sha1
Ok, I've added an entry to the release changelog.
OK
UCS 4.3 has been released:
https://docs.software-univention.de/release-notes-4.3-0-en.html
https://docs.software-univention.de/release-notes-4.3-0-de.html
If this error occurs again, please use "Clone This Bug".