...
| Bloc de code |
|---|
[root@kerb ~]# kadmin Authenticating as principal root/admin@UNIV-RENNES1.FR with password. Password for root/admin@UNIV-RENNES1.FR: kadmin: addprinc -randkey cifs/cas.ifsic.univ-rennes1.fr WARNING: no policy specified for cifs/cas.ifsic.univ-rennes1.fr@UNIV-RENNES1.FR; defaulting to no policy Principal "cifs/cas.ifsic.univ-rennes1.fr@UNIV-RENNES1.FR" created. kadmin: ktadd -k /etc/krb5.keytab cifs/cas.ifsic.univ-rennes1.fr Entry for principal cifs/cas.ifsic.univ-rennes1.fr with kvno 3, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab. Entry for principal cifs/cas.ifsic.univ-rennes1.fr with kvno 3, encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab. Entry for principal cifs/cas.ifsic.univ-rennes1.fr with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal cifs/cas.ifsic.univ-rennes1.fr with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal cifs/cas.ifsic.univ-rennes1.fr with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal cifs/cas.ifsic.univ-rennes1.fr with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab. kadmin: exit You have new mail in /var/spool/mail/root [root@kerb ~]# |
...
Le fichier/etc/krb5.conf du serveur samba ne doit pas permettre l'usage du chiffrement 3DES. Le fichier /etc/krb5.conf du serveur kerberos doit être répliqué sur tous les princuipaux de services (HTTP, cifs, ...).