more etype question

Peter Huang peter.huang at hp.com
Thu Dec 4 17:17:10 EST 2003


thank you for the good information here.  It works just as you described.  I
wonder what trigger the change in API.
-peter


""Paul B. Hill"" <pbh at MIT.EDU> wrote in message
news:200312040116.hB41GRRv029806 at melbourne-city-street.mit.edu...
> The default behavior of the APIs used by MS2MIT have changed in Win2k3.
>
> If you set HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\
> AllowTgtSessionKey = 1 (REG_DWORD)
>
> Then ms2mit will be able to propagate the session key into the MIT cache.
>
> Paul
>
> -----Original Message-----
> From: kerberos-bounces at MIT.EDU [mailto:kerberos-bounces at MIT.EDU] On Behalf
> Of Peter Huang
> Sent: Wednesday, December 03, 2003 6:12 PM
> To: kerberos at mit.edu
> Subject: more etype question
>
> When I do ms2mit.exe to get kerberos ticket from win2k3, I get the
something
> like
>
>        renew until 12/10/03 14:51:08, Etype (skey, tkt): etype 0, ArcFour
> with MAC/md5
>
> However, if I do a kinit against win2k3, I get something like
>          renew until 12/04/03 14:54:01, Etype (skey, tkt): ArcFour with
> HMAC/md5, ArcFour with HMAC/md5
>
>
> It seems to me that ms2mit.exe is not doing the right thing by not having
> the proper skey type.  However, it could be the ticket cache from MS which
> does not have the enc key type.  Could someone mind tell me what is going
on
> here?.
>
> thanks
> -peter huang
>
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>




More information about the Kerberos mailing list