Windows client authentication on MIT KDC without single-DES

Garrett Wollman wollman at
Mon Oct 27 18:06:34 EST 2003

I notice that the most recent Kerberos release (or at least our
upgrade to the most recent release) made it possible for the KDC to
support Microsoft's RC4-HMAC keytype.  I have already performed the
`ksetup' steps on the Windows client as described in Microsoft's
documentation, and I added rc4-hmac:normal to supported_keytypes in
the appropriate stanza kdc.conf.  I changed my password to explicitly
include an rc4-hmac key.  I still don't get Windows credentials (at
least according to kerbtray.exe).

Is this supposed to work?  If so, is there any other configuration on
the KDC that needs to take place?  Is there a way I can configure the
MIT client to emulate what the Windows client is doing so that I can
better analyze what is happening?


Garrett A. Wollman   | As the Constitution endures, persons in every
wollman at  | generation can invoke its principles in their own
Opinions not those of| search for greater freedom.
MIT, LCS, CRS, or NSA| - A. Kennedy, Lawrence v. Texas, 539 U.S. ___ (2003)

More information about the Kerberos mailing list