KDC has no support for encryption type while getting initial credentials

Document ID : KB000046485
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:  

While trying to setup Kerberos Authentication on Linux, the kinit command fails with the following error.

 

kinit: KDC has no support for encryption type while getting initial credentials 

 

Why am I getting this error and how can I resolve it?

 

Answer: 

The message is evident that the KDC side is told to use a specific encryption type but it is not enabled or allowed.

Please check if the KDC has setting restricting specific encryption types.

Another possibility is that the Service Account(WebAgent and the Policy Server service account) has "Use Kerberos DES encryption types for this account" checked.

You should uncheck this option as it will force using DES encryption only. It will not support any other encryption types.

 

 

Additional Information: 

https://blogs.msdn.microsoft.com/openspecification/2011/05/30/windows-configurations-for-kerberos-supported-encryption-type/