• kinit: Bad encryption type while getting initial credentials


    描述:RHEL 6.x主机执行kinit -kt命令报如下错误

    [heboan@localhost~]$ kinit -kt heboan.keytab heboan
    kinit: Bad encryption type while getting initial credentials

    原因

    KDC服务器正在RHEL 7.x主机上运行,​​RHEL 6.x该主机对keytab文件中的加密类型有不同的识别。
    如<----行所示,两种加密类型在RHEL 6.x和7.x系统中都有不同的名称。这使得KDC服务器在RHEL 6.x主机的kinit请求中无法识别这两种加密类型.
    RHEL 6x
    [heboan@localhost ~]$ klist -e -kt heboan.keytab 
    Keytab name: FILE:heboan.keytab
    KVNO Timestamp         Principal
    ---- ----------------- --------------------------------------------------------
    3 07/06/17 16:48:20 heboan@HADOOP.COM (aes128-cts-hmac-sha1-96) 
    3 07/06/17 16:48:20 heboan@HADOOP.COM (des3-cbc-sha1) 
    3 07/06/17 16:48:20 heboan@HADOOP.COM (arcfour-hmac) 
    3 07/06/17 16:48:20 heboan@HADOOP.COM (etype 26)  <----
    3 07/06/17 16:48:20 heboan@HADOOP.COM (etype 25)  <----
    3 07/06/17 16:48:20 heboan@HADOOP.COM (des-hmac-sha1) 
    3 07/06/17 16:48:20 heboan@HADOOP.COM (des-cbc-md5) 
    
    RHEL 7x
    [dengsc@nfjd-hadoop-test01 bash_script]$ klist -e -kt heboan.keytab 
    Keytab name: FILE:heboan.keytab
    KVNO Timestamp           Principal
    ---- ------------------- ------------------------------------------------------
    5 07/06/2017 16:54:15 heboan@HADOOP.COM (aes128-cts-hmac-sha1-96) 
    5 07/06/2017 16:54:15 heboan@HADOOP.COM (des3-cbc-sha1) 
    5 07/06/2017 16:54:15 heboan@HADOOP.COM (arcfour-hmac) 
    5 07/06/2017 16:54:15 heboan@HADOOP.COM (camellia256-cts-cmac)   <----
    5 07/06/2017 16:54:15 heboan@HADOOP.COM (camellia128-cts-cmac)   <----
    5 07/06/2017 16:54:15 heboan@HADOOP.COM (des-hmac-sha1) 
    5 07/06/2017 16:54:15 heboan@HADOOP.COM (des-cbc-md5) 

    解决方案

    导出密码时指定加密类型,跳过有差异的加密方法: xst -e "aes128-cts-hmac-sha1-96:normal" -k heboan.keytab heboan
    注意:这样会使得之前的keytab失效,因为密码已经改成随机的了
  • 相关阅读:
    zoj 4120Tokens on the Segments(优先队列+贪心)
    hdu1710 Binary Tree Traversals(二叉树)
    poj3494Largest Submatrix of All 1’s
    poj 2559Largest Rectangle in a Histogram(单调栈简单模板题)
    poj 2492 A Bug's Life(种类并查集)
    差分约束 + spfa + 最长路 [NOI1999] 01串
    Codeforces Round #599 D Yet Another Monster Killing Problem
    CF 1249D1
    [Gym-102346A] 偷偷偷 并查集处理图(坐标)
    [Gym-102346M] 二分答案
  • 原文地址:https://www.cnblogs.com/sellsa/p/11541692.html
Copyright © 2020-2023  润新知