Getting a DES-encrypted TGT from AD server

M. S. Sriram mssriram at arkinsys.com
Tue Oct 14 09:59:58 EDT 2003


Hello,

I am trying to pass delegated credentials from Internet Explorer to
IIS, where the credentials are being accessed by an application that
only supports DES encryption types.

I have used AD server settings to cause the original TGT (issued on
signin) to use DES-CBC-MD5, but I find (examining the client's
credential cache) that the forwarded TGT uses RSADSI-RC4-HMAC.

Is there any way to force AD server to use only DES encryption type
for a user? (If this is not the right group for this question, I'd
appreciate a pointer to a more appropriate forum.)

- Sriram


More information about the Kerberos mailing list