<no subject>

Sam Hartman hartmans at MIT.EDU
Tue Mar 30 15:55:31 EST 2004


>>>>> "Mark" == Mark Hendricks <mdh3 at humboldt.edu> writes:

    Mark> I posted a message earlier this week with what I believe to
    Mark> be a similar problem.

    Mark> The solution appears to be to set the following in the
    Mark> kdc.conf file.

    Mark> Added the following line to kdc.conf:
    Mark>     supported_enctypes = des-cbc-crc:normal

    Mark> Added the following lines to krb5.conf:
    Mark>     default_etypes = des-cbc-crc
    Mark>     default_etypes_des = des-cbc-crc

    Mark> Remove all krbtgt principals and re-create using:
    Mark>     addprinc -e des:normal krbtgt/<AD><REALM>

I'm not sure what problem this is designed to fix, but it sounds like
a bad idea from a security standpoint.  It will certainly mask a large
class of configuration or interoperability problems.

But pretty much all the Kerberos implementations have advanced to a
point where with even vaguely modern software, this sort of solution
is unnecessary.
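
An added example, not part of the original post or of any Kerberos distribution: a small Python check that flags configuration lines restricting or opening enctypes to single DES, as in the quoted message. The key list also covers the current krb5.conf enctype settings, which goes beyond what the message names, and the sample configuration text is constructed.

```python
import re

# Single-DES enctype names accepted by MIT krb5 ("des" is the family alias).
SINGLE_DES = {"des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5",
              "des-cbc-raw", "des-hmac-sha1"}

# Settings that carry enctype lists: those named in the quoted message plus
# the current krb5.conf names for the same controls.
ENCTYPE_KEYS = {"supported_enctypes", "default_etypes", "default_etypes_des",
                "default_tkt_enctypes", "default_tgs_enctypes",
                "permitted_enctypes"}

# Constructed sample input, modelled on the settings in the quoted message.
SAMPLE_KDC_CONF = """\
[realms]
    EXAMPLE.COM = {
        supported_enctypes = des-cbc-crc:normal
    }
"""

SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_etypes = des-cbc-crc
    default_etypes_des = des-cbc-crc
    permitted_enctypes = aes256-cts-hmac-sha1-96 des-cbc-md5 -des-cbc-crc
"""

def audit_enctypes(text):
    """Return (line_no, key, verdict, des_names) for each setting naming DES."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"([A-Za-z_0-9]+)\s*=\s*(.+)$", raw.strip())
        if not m or m.group(1) not in ENCTYPE_KEYS:
            continue
        # Entries are space or comma separated; a leading "-" removes an
        # enctype from the list, and ":salt" suffixes are not part of the name.
        entries = [e for e in re.split(r"[\s,]+", m.group(2)) if e]
        names = [e.split(":", 1)[0].lower() for e in entries
                 if not e.startswith("-")]
        des = [n for n in names if n in SINGLE_DES]
        if des:
            verdict = "des-only" if len(des) == len(names) else "des-allowed"
            findings.append((no, m.group(1), verdict, des))
    return findings

if __name__ == "__main__":
    for finding in audit_enctypes(SAMPLE_KDC_CONF) + audit_enctypes(SAMPLE_KRB5_CONF):
        print(finding)
```

A "des-only" verdict corresponds to the configuration in the quoted message; "des-allowed" means stronger enctypes are listed but single DES can still be negotiated.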

