Option for multiple PA-ETYPE-INFO(2)-ENTRY (old behaviour)

Greg Hudson ghudson at mit.edu
Fri Nov 18 18:06:29 EST 2016


I thought of another possible workaround that doesn't involve code
changes to 1.14, which is to do (in kadmin):

  setstr krbtgt/REALM session_enctypes "aes256-cts aes128-cts"

I have opened http://krbdev.mit.edu/rt/Ticket/Display.html?id=8167 for
this issue, and we may introduce a KDC workaround in the future, along
the lines of the patch I suggested in the last message.


More information about the Kerberos mailing list