Hi, all
I have a problem to get TGT while des-cbc-md5 enctypes from MIT
Krb5-1.5.4 KDC installed on suse 10.
Here is the kdc.conf:

kdc_ports = 88

database_name = /usr/local/var/krb5kdc/principal
admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab
acl_file = /usr/local/var/krb5kdc/kadm5.acl
kdc_ports = 88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
supported_enctypes = des3-hmac-sha1:normal
arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal
des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3

And the krb5.conf has :

default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
default_tkt_enctypes = des-cbc-md5

kdc = leo-suse.cn.ibm.com:88
admin_server = leo-suse.cn.ibm.com:749
default_domain = leo-suse.cn.ibm.com

..leo-suse.cn.ibm.com = EXAMPLE.COM
leo-suse.cn.ibm.com = EXAMPLE.COM

And then if I run
kinit test@EXAMPLE.COM
It complains:
kinit(v5): KDC has no support for encryption type while getting
initial credentials

I also have added the des-cbc-md5 enctype as a keytab for test@EXAMPLE.COMby:
kadmin.local: addprinc -e "des-cbc-md5:normal" test@EXAMPLE.COM
And the getprinc also shows:
kadmin.local: getprinc test@EXAMPLE.COM
Number of keys: 1
Key: vno 1, DES cbc mode with RSA-MD5, no salt
Policy: [none]

Besides, seems other encryption types are all supported, for example, the

So could somebody help to spot what is the problem?

Thanks in advance.

Leo Li
China Software Development Lab, IBM