KDC has no support for encryption type while getting initial credentials
search cancel

KDC has no support for encryption type while getting initial credentials

book

Article ID: 46485

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

While trying to setup Kerberos Authentication on Linux, the kinit command fails with the following error.

 

kinit: KDC has no support for encryption type while getting initial credentials 

 

Why am I getting this error and how can I resolve it?

 

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component:

Resolution

The message is evident that the KDC side is told to use a specific encryption type but it is not enabled or allowed.

Please check if the KDC has setting restricting specific encryption types.

Another possibility is that the Service Account(WebAgent and the Policy Server service account) has "Use Kerberos DES encryption types for this account" checked.

You should uncheck this option as it will force using DES encryption only. It will not support any other encryption types.

 

Additional Information

https://blogs.msdn.microsoft.com/openspecification/2011/05/30/windows-configurations-for-kerberos-supported-encryption-type/

 

Powered by Wolken Software