SUSE Support

Here When You Need Us

Programs using Kerberos fail after update to krb5-1.20.1-150600.11.8.1

This document (000021823) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 15 SP6
SUSE Linux Enterprise Server for SAP 15 SP6


Situation

After updating packages krb5, krb5-32bit, or krb5-client to version 1.20.1-150600.11.8.1 or higher, applications on the server experience issues with features that utilize Kerberos. These packages were of version 1.20.1-150600.11.3.1 or lower before they were upgraded.

Resolution

To resolve the issue, algorithms that are not supported by the currently crypto-policy should be removed from settings permitted_enctypes, default_tkt_enctypes, and default_tgs_enctypes in the file /etc/krb5.conf and other configuration files in /etc/krb5.conf.d/. Or, if crypto-policy support is not needed on Kerberos, this can be disabled by deleting the file /etc/krb5.conf.d/crypto-policies.

The crypto-policy that is currently set is defined in the file /etc/crypto-policies/config. The algorithms allowed by each crypto-policy are listed in the crypto-policies man page in the PROVIDED POLICIES section

man 7 crypto-policies

                                        

Cause

Starting in version 1.20.1-150600.11.8.1, Kerberos supports crypto-policy and blocks any algorithms that are not approved by the crypto-policy.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021823
  • Creation Date: 05-May-2025
  • Modified Date:22-May-2025
    • SUSE Linux Enterprise Server
    • SUSE Linux Enterprise Server for SAP Applications

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.