Dear OpenSSH types,

I am trying to use a Windows AD KDC to authenticate gssapi-with-mic
connections between Linux clients. The problem is I get an error from
the ssh server: "Encryption type not permitted" Can anyone tell me
what it's objecting to, or what encryption types are permitted?

I'm using sshd: OpenSSH_4.1p1 and client: OpenSSH_3.9p1, OpenSSL
0.9.7e 25 Oct 2004

I have enabled GSSAPIAuthentication on the server and installed /etc/
krb5.keytab with the key:

KVNO Principal
----
------------------------------------------------------------------------
--
4 host/somehost.cl.cam.ac.uk@AD.CL.CAM.AC.UK (DES cbc mode with
RSA-MD5)

On the client I have these credentials:

Default principal: ig206@AD.CL.CAM.AC.UK

Valid starting Expires Service principal
03/13/06 15:55:51 03/14/06 01:55:55 krbtgt/
AD.CL.CAM.AC.UK@AD.CL.CAM.AC.UK
renew until 03/14/06 15:55:51, Etype (skey, tkt): ArcFour
with HMAC/md5, ArcFour with HMAC/md5
03/13/06 15:56:17 03/14/06 01:55:55 host/
sark.cl.cam.ac.uk@AD.CL.CAM.AC.UK
renew until 03/14/06 15:55:51, Etype (skey, tkt): DES cbc
mode with CRC-32, DES cbc mode with RSA-MD5
Kerberos 4 ticket cache: /tmp/tkt1696

When I try the connection I get this output from sshd:

debug1: userauth-request for user ig206 service ssh-connection method
none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "ig206"
Failed none for ig206 from 128.232.8.60 port 12372 ssh2
debug1: PAM: setting PAM_RHOST to "fenton.cl.cam.ac.uk"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user ig206 service ssh-connection method
gssapi
h-mic
debug1: attempt 1 failures 1
Postponed gssapi-with-mic for ig206 from 128.232.8.60 port 12372 ssh2
debug1: Miscellaneous failure
Encryption type not permitted

debug1: Got no client credentials
Failed gssapi-with-mic for ig206 from 128.232.8.60 port 12372 ssh2
debug1: userauth-request for user ig206 service ssh-connection method
gssapi
h-mic
debug1: attempt 2 failures 2
Failed gssapi-with-mic for ig206 from 128.232.8.60 port 12372 ssh2