描述:RHEL 6.x主机执行kinit -kt命令报如下错误
[heboan@localhost~]$ kinit -kt heboan.keytab heboan kinit: Bad encryption type while getting initial credentials
原因
KDC服务器正在RHEL 7.x主机上运行,RHEL 6.x该主机对keytab文件中的加密类型有不同的识别。 如<----行所示,两种加密类型在RHEL 6.x和7.x系统中都有不同的名称。这使得KDC服务器在RHEL 6.x主机的kinit请求中无法识别这两种加密类型. RHEL 6x [heboan@localhost ~]$ klist -e -kt heboan.keytab Keytab name: FILE:heboan.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 3 07/06/17 16:48:20 heboan@HADOOP.COM (aes128-cts-hmac-sha1-96) 3 07/06/17 16:48:20 heboan@HADOOP.COM (des3-cbc-sha1) 3 07/06/17 16:48:20 heboan@HADOOP.COM (arcfour-hmac) 3 07/06/17 16:48:20 heboan@HADOOP.COM (etype 26) <---- 3 07/06/17 16:48:20 heboan@HADOOP.COM (etype 25) <---- 3 07/06/17 16:48:20 heboan@HADOOP.COM (des-hmac-sha1) 3 07/06/17 16:48:20 heboan@HADOOP.COM (des-cbc-md5) RHEL 7x [dengsc@nfjd-hadoop-test01 bash_script]$ klist -e -kt heboan.keytab Keytab name: FILE:heboan.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 5 07/06/2017 16:54:15 heboan@HADOOP.COM (aes128-cts-hmac-sha1-96) 5 07/06/2017 16:54:15 heboan@HADOOP.COM (des3-cbc-sha1) 5 07/06/2017 16:54:15 heboan@HADOOP.COM (arcfour-hmac) 5 07/06/2017 16:54:15 heboan@HADOOP.COM (camellia256-cts-cmac) <---- 5 07/06/2017 16:54:15 heboan@HADOOP.COM (camellia128-cts-cmac) <---- 5 07/06/2017 16:54:15 heboan@HADOOP.COM (des-hmac-sha1) 5 07/06/2017 16:54:15 heboan@HADOOP.COM (des-cbc-md5)
解决方案
导出密码时指定加密类型,跳过有差异的加密方法: xst -e "aes128-cts-hmac-sha1-96:normal" -k heboan.keytab heboan 注意:这样会使得之前的keytab失效,因为密码已经改成随机的了