Getting a DES-encrypted TGT from AD server
ARechenberg at shermanfinancialgroup.com
Tue Oct 14 11:46:58 EDT 2003
In Active Directory Users and Computers:
. Open the user's properties
. Click on the Account tab
. Scroll down to the bottom of the Account options window
. Click the checkbox labeled 'Use DES encryption types for this
You may start to get warnings and/or errors in your System log from the
KDC about this change, but everything should still work.
On Tue, 2003-10-14 at 09:59, M. S. Sriram wrote:
> I am trying to pass delegated credentials from Internet Explorer to
> IIS, where the credentials are being accessed by an application that
> only supports DES encryption types.
> I have used AD server settings to cause the original TGT (issued on
> signin) to use DES-CBC-MD5, but I find (examining the client's
> credential cache) that the forwarded TGT uses RSADSI-RC4-HMAC.
> Is there any way to force AD server to use only DES encryption type
> for a user? (If this is not the right group for this question, I'd
> appreciate a pointer to a more appropriate forum.)
> - Sriram
> Kerberos mailing list Kerberos at mit.edu
Infrastructure Team, Sherman Financial Group
More information about the Kerberos