kinit: Bad encryption type while getting initial credentials

Description: running kinit -kt on a RHEL 6.x host fails with the following error:

[heboan@localhost~]$ kinit -kt heboan.keytab heboan
kinit: Bad encryption type while getting initial credentials

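Cause

The KDC server runs on a RHEL 7.x host, and the RHEL 6.x host identifies the encryption types in the keytab file differently.
As the lines marked <---- show, two encryption types have different names on RHEL 6.x and RHEL 7.x: RHEL 6.x lists them as etype 26 and etype 25, while RHEL 7.x lists them as camellia256-cts-cmac and camellia128-cts-cmac. As a result, the KDC server cannot recognize these two encryption types in the kinit request from the RHEL 6.x host.
RHEL 6.x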
[heboan@localhost ~]$ klist -e -kt heboan.keytab 
Keytab name: FILE:heboan.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
3 07/06/17 16:48:20 heboan@HADOOP.COM (aes128-cts-hmac-sha1-96) 
3 07/06/17 16:48:20 heboan@HADOOP.COM (des3-cbc-sha1) 
3 07/06/17 16:48:20 heboan@HADOOP.COM (arcfour-hmac) 
3 07/06/17 16:48:20 heboan@HADOOP.COM (etype 26)  <----
3 07/06/17 16:48:20 heboan@HADOOP.COM (etype 25)  <----
3 07/06/17 16:48:20 heboan@HADOOP.COM (des-hmac-sha1) 
3 07/06/17 16:48:20 heboan@HADOOP.COM (des-cbc-md5) 

RHEL 7.x
[dengsc@nfjd-hadoop-test01 bash_script]$ klist -e -kt heboan.keytab 
Keytab name: FILE:heboan.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
5 07/06/2017 16:54:15 heboan@HADOOP.COM (aes128-cts-hmac-sha1-96) 
5 07/06/2017 16:54:15 heboan@HADOOP.COM (des3-cbc-sha1) 
5 07/06/2017 16:54:15 heboan@HADOOP.COM (arcfour-hmac) 
5 07/06/2017 16:54:15 heboan@HADOOP.COM (camellia256-cts-cmac)   <----
5 07/06/2017 16:54:15 heboan@HADOOP.COM (camellia128-cts-cmac)   <----
5 07/06/2017 16:54:15 heboan@HADOOP.COM (des-hmac-sha1) 
5 07/06/2017 16:54:15 heboan@HADOOP.COM (des-cbc-md5) 

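Solution

When exporting the keys to the keytab, specify the encryption type explicitly so that the encryption types that differ between the two systems are skipped: xst -e "aes128-cts-hmac-sha1-96:normal" -k heboan.keytab heboan
Note: this invalidates the previous keytab, because the password has been changed to a random one.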
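
A pre-flight check for the situation above, as an added example that is not part of the original post: it reads `klist -e -kt` output and separates the enctypes the local krb5 library can name from those it prints only as `etype N`. The function names are hypothetical, the sample input is the RHEL 6.x listing from this page, and the names given for numbers 25 and 26 are taken from the IANA Kerberos enctype registry.

```shell
#!/bin/sh
# Added example: classify the enctypes in `klist -e -kt` output.

# Constructed sample: the RHEL 6.x listing shown on this page.
sample_rhel6() {
cat <<'EOF'
Keytab name: FILE:heboan.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
3 07/06/17 16:48:20 heboan@HADOOP.COM (aes128-cts-hmac-sha1-96)
3 07/06/17 16:48:20 heboan@HADOOP.COM (des3-cbc-sha1)
3 07/06/17 16:48:20 heboan@HADOOP.COM (arcfour-hmac)
3 07/06/17 16:48:20 heboan@HADOOP.COM (etype 26)  <----
3 07/06/17 16:48:20 heboan@HADOOP.COM (etype 25)  <----
3 07/06/17 16:48:20 heboan@HADOOP.COM (des-hmac-sha1)
3 07/06/17 16:48:20 heboan@HADOOP.COM (des-cbc-md5)
EOF
}

# Enctype numbers the local library could not name, one per line.
unrecognized_etypes() {
    sed -n 's/.*(etype \([0-9][0-9]*\)).*/\1/p'
}

# Enctype names the local library does recognize, one per line.
recognized_enctypes() {
    sed -n 's/.*(\([a-z0-9][a-z0-9-]*\)).*/\1/p'
}

# Names for the two numbers seen on this page (IANA enctype registry).
etype_name() {
    case "$1" in
        25) echo camellia128-cts-cmac ;;
        26) echo camellia256-cts-cmac ;;
        *)  echo unknown ;;
    esac
}

# Print a report on stdin; return 1 if any entry is known only by number.
enctype_report() {
    listing=$(cat)
    bad=$(printf '%s\n' "$listing" | unrecognized_etypes)
    printf '%s\n' "$listing" | recognized_enctypes | sed 's/^/recognized: /'
    for n in $bad; do
        echo "unrecognized: etype $n ($(etype_name "$n"))"
    done
    [ -z "$bad" ]
}

sample_rhel6 | enctype_report || echo "re-export with a recognized enctype"
```

On a real host, pipe `klist -e -kt heboan.keytab` into `enctype_report` in place of the sample.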

 

posted @ 2019-09-18 14:06  sellsa