cross-realm authentication failing w/rc4-hmac
bj_rui
bj_rui at hotmail.com
Mon Nov 10 13:38:07 EST 2003
i have users logging in to a win2k domain using their kerberos principals
from a different realm (mit krb5-1.3.1). everything works as expected using
single des, but if i try to use rc4-hmac first pre-authentication fails, then
if i turn off the requires_preauth bits for the user's principal as well as
the principal of the win domain's tgs, i get an error stating:
"krb5kdc_err_etype_nosupp" on the as request. if i switch back to des:normal
everything works again. i have sp4 as well as the high-encryption pack
installed on a win2kpro workstation. the ad server is win2003, though i don't
think i'm getting far enough for that to be a problem. any ideas why this
would be happening?
More information about the Kerberos
mailing list