kinit des and Win2k

Douglas E. Engert deengert at anl.gov
Mon May 24 16:13:30 EDT 2004



melissa_benkyo wrote:
> 
> hello all,
> 
> I have a question. I'm using kerberos krb5-1.2.5-6.src.rpm in unix and
> I setup prinicpals on my AD win2k.

Windows 2000 AD yes, but Windows 2003 AD maybe. krb5-1.2 does not support
TCP but krb5-1.3.x does. If you user are in many groups, the ticket will 
be big and require TCP. 

> I also set up the principal to Use
> DES encryption types for this account. 

But what is in the krb5.conf? Have you set default_tkt_enctypes and 
default_tgs_enctypes?

> But I still get pre-authentication failure on my AD. 

You mean the kinit fails with some pre authentication message?
What is the message?

>Is it not possible to use this
> option and get a ticket using kinit without failures?

> 
> thanks! I'm just confused. :(

If possible upgrade to krb5-1.3.x for better interoperability with Windows.


> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444


More information about the Kerberos mailing list