krb1.2.3 on win2k using win2k active directory
John Brezak
jbrezak at windows.microsoft.com
Mon Mar 18 15:33:46 EST 2002
What version of Windows 2000 are you using? You might need to update it
to the export grade encryption pack.
-----Original Message-----
From: David Bailey [mailto:D.Bailey at Bristol.ac.uk]
Sent: Monday, March 18, 2002 9:17 AM
To: kerberos at mit.edu
Subject: Re: krb1.2.3 on win2k using win2k active directory
Hi,
I've read the MS whitepaper. The supported encryption types are claimed
to be des-cbc-md5 and des-cbc-crc. I've set the default encryption type
to both (separately and together) with the same results as before.
Still stumped...
Cheers,
Dave
""Booker C. Bense"" <bbense at networking.stanford.edu> wrote in message
news:Pine.GSO.4.44.0203180638270.27411-100000 at shred.stanford.edu...
> On Mon, 18 Mar 2002, David Bailey wrote:
>
[snipped for readability]
> - This has nothing to do with a keytab. It's saying that you are
> asking for a kind of key that the KDC doesn't support. There is some
> mismatch in the configuration between your client and the KDC.
>
> - This is just a total guess, but it may be that you're asking for a
> triple DES key. I have no idea if the W2K KDC supports that or not.
>
> - You can control the kind of key you ask for on the MIT client side
> by using the libdefaults options
>
> default_tgs_enctypes = des-cbc-crc
> default_tkt_enctypes = des-cbc-crc
>
> - That's what works here, I suggest you read the MS white paper on
> kerberos interoperablity for all the available options.
>
> - Booker C. Bense
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos at mit.edu
http://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list