[SOLVED] Problem with stand-alone Windows 2003 client authenticating to MIT KDC
Tom Yu
tlyu at MIT.EDU
Wed Apr 17 14:08:43 EDT 2013
"Sean M. Pappalardo" <spappalardo at renegadetech.com> writes:
> Thanks to cclausen of the MIT Kerberos team, the problem was that my
Small correction: cclausen is a valued member of the Kerberos
community, but he is not a member of the MIT Kerberos team.
> host principal contained encryption types that Server 2003 doesn't
> support, specifically "AES-256 CTS mode with 96-bit SHA-1 HMAC."
> Re-creating the host principal without that encryption type (using only
> "ArcFour with HMAC/md5" and "Triple DES cbc mode with HMAC/sha1") did
> the trick. (So I added "-e arcfour-hmac:normal,des3-cbc-sha1:normal" to
> the addprinc command.)
I am interested in obtaining more detailed information, but I will
follow up later with specifics.
More information about the Kerberos
mailing list