Getting a DES-encrypted TGT from AD server

Tim Alsop Tim.Alsop at CyberSafe.Ltd.UK
Thu Oct 16 07:31:21 EDT 2003


Thankyou. We have been using kerbtray. I am pleased that you are able to see
same problem, but was hoping you (or somebody else) could give us a
solution. I am aware that there are some registry hacks available from MS to
change the behaiviour of Kerberos, so I wondered if such a registry key
existed to cause forwarded tgt to be issued using same key types as the
initial tgt. Also, if we could disable rc4 on Active Directory somehow this
might help us.


"Calimer0" <cryos98 at> wrote in message
news:3e217f40.0310160320.4b454995 at
> The actual issue is not on the intiial tgt, but on the tgt obtained when
> initial tgt is forwarded.

> On IIS we receive the forwarded tgt, but the keytype for the forwarded
> of the initial tgt seems to be RC4-HMAC and not DES.

I've tried in my little test network and I've got the same strange
behaviour: the forwarded ticket granting ticket is encrypted with RC4,
even if the session key in still encrypted with DES. Sorry, I'm not
able to help you.  Just a little tip: if you need to know what tickets
are in your credential cache you can use kerbtray or a network sniffer
like ethereal.
you can find kerbtray from microsoft here:

More information about the Kerberos mailing list