Description
Morning, I've been working to write a SPNEGO HTTP client by using a provided krb5.conf and a keytab for client.NewWithKeytab().
Through the testing, it worked well on my laptop (macos) but was having issues with it on my Oracle Linux 7.9 servers. On the Linux servers, I kept getting no support for encryption type error messages:
2023/08/11 09:55:17 could not login client: [Root cause: KDC_Error] KDC_Error: AS Exchange Error: kerberos error response from KDC: KRB Error: (14) KDC_ERR_ETYPE_NOSUPP KDC has no support for encryption type
Upon inspecting my krb5.conf, I noticed that the linux server had specified several encryption types as preferred where as my laptop did not:
Since linux does not seem to have issues with the upper-case encryption types, should the look up of the type be converted to lowercase before look up?
Data
The version of gokrb5 being used (vX.Y.Z or master or branch name): v8.4.4
The version of Go being used (output of the go version command is handy): go version go1.20.6 darwin/amd64
Details of the environment in which you are seeing the issue: KDC is an MS Active Directory
Description Morning, I've been working to write a SPNEGO HTTP client by using a provided krb5.conf and a keytab for client.NewWithKeytab().
Through the testing, it worked well on my laptop (macos) but was having issues with it on my Oracle Linux 7.9 servers. On the Linux servers, I kept getting no support for encryption type error messages:
2023/08/11 09:55:17 could not login client: [Root cause: KDC_Error] KDC_Error: AS Exchange Error: kerberos error response from KDC: KRB Error: (14) KDC_ERR_ETYPE_NOSUPP KDC has no support for encryption type
Upon inspecting my krb5.conf, I noticed that the linux server had specified several encryption types as preferred where as my laptop did not:
Reproduction Steps
Question/Bug It seems that the encryption types are made case-sensitive by this function: https://github.com/jcmturner/gokrb5/blob/855dbc707a37a21467aef6c0245fcf3328dc39ed/iana/etypeID/constants.go#L91
Since linux does not seem to have issues with the upper-case encryption types, should the look up of the type be converted to lowercase before look up?
Data