[30984] in Kerberos
Re: Aqcuiring a TGT for a host/ principal using Active Directory
daemon@ATHENA.MIT.EDU (Michael B Allen)
Wed Apr 8 13:35:57 2009
X-Barracuda-Envelope-From: ioplex@gmail.com
MIME-Version: 1.0
In-Reply-To: <5DEBEADA3C05964F9A8D57D1B4DE467D02EA4A07@cernxchg42.cern.ch>
Date: Wed, 8 Apr 2009 13:35:16 -0400
Message-ID: <78c6bd860904081035o4d56b914we97f17631960f656@mail.gmail.com>
From: Michael B Allen <ioplex@gmail.com>
To: John Hefferman <john.hefferman@cern.ch>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Wed, Apr 8, 2009 at 12:54 PM, John Hefferman <john.hefferman@cern.ch> wrote:
> Dear All,
>
> The problem was definitely related to the bug with SP1, as after
> applying the hotfix and specifying +DesOnly when running ktpass, kinit
> -kt works fine.
I don't know why you should have to specify DES. The default of RC4
should work just fine unless you're using a very old Kerberos library
on the client. Or maybe you accidentally specified in your krb5.conf
that only DES enctypes should be used?
DES is basically deprecated. If I'm not mistaken I think Heimdal has
actually removed DES support.
You're setting yourself up for a migration migraine.
Mike
--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
