more etype question
Paul B. Hill
pbh at MIT.EDU
Wed Dec 3 20:15:31 EST 2003
The default behavior of the APIs used by MS2MIT have changed in Win2k3.
If you set HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\
AllowTgtSessionKey = 1 (REG_DWORD)
Then ms2mit will be able to propagate the session key into the MIT cache.
Paul
-----Original Message-----
From: kerberos-bounces at MIT.EDU [mailto:kerberos-bounces at MIT.EDU] On Behalf
Of Peter Huang
Sent: Wednesday, December 03, 2003 6:12 PM
To: kerberos at mit.edu
Subject: more etype question
When I do ms2mit.exe to get kerberos ticket from win2k3, I get the something
like
renew until 12/10/03 14:51:08, Etype (skey, tkt): etype 0, ArcFour
with MAC/md5
However, if I do a kinit against win2k3, I get something like
renew until 12/04/03 14:54:01, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
It seems to me that ms2mit.exe is not doing the right thing by not having
the proper skey type. However, it could be the ticket cache from MS which
does not have the enc key type. Could someone mind tell me what is going on
here?.
thanks
-peter huang
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list