Yesterday all kerberos packages on in my container builds got updated to 1.18.2-5.el8 and 1.17-18.el8 is no longer available.
This is causing some big problems on servers.
Our connections all show
Pre-authentication failed: No key table entry found for user@domain
Thanks.
You upgraded to CentOS 8.3, which includes a rebased Kerberos.
To quote from the RHEL 8.3 release notes:
krb5 rebased to version 1.18.2
The krb5 packages have been upgraded to upstream version 1.18.2. Notable fixes and enhancements include:
- Single- and triple-DES encryption types have been removed.
- Draft 9 PKINIT has been removed as it is not needed for any of the supported versions of Active Directory.
- NegoEx mechanism plug-ins are now supported.
- Hostname canonicalization fallback is now supported (dns_canonicalize_hostname = fallback).
(BZ#1802334)
You didn't say what problems you are having (and you should have!). But I would guess based on experience that you still have ancient stuff in your environment that was using 3DES or DES. Of course all of that stuff should have been reconfigured, upgraded or decommissioned many years ago. Since nobody did, now is the time to do it.
This fixed all our problems: http://plosquare.blogspot.com/2013/01/solution-for-key-table-entry-not-found.html
Specifically we added
default_tkt_enctypes = arcfour-hmac-md5
default_tgs_enctypes = arcfour-hmac-md5
to the /etc/krb5.conf