Problem with auth via keytab w/ w2k3 KDC, works fine with w2k DC

Gmane huaraz at
Thu Oct 21 20:13:14 EDT 2004


I see now a similar problem. I am running for some time MIT 1.2.4 with a 
2000 kdc. I now have to update to 2003 and noticed that I get decrypt 
integrety errors when using telnet. Everything else is the same (I use 
DESONLY, etc, ) Did you solve your issue ? How did you solve it ?


"Neulinger, Nathan" <nneul at> wrote in message 
news:5C51DC2B8353AB4BA2CD04B34F2EE79C3EFE5C at
>> >    ktutil, create keytab with that password, des-cbc-crc, kvno 1
>> >    ktutil, create keytab with that password, des-cbc-crc, kvno 3
>> This might be the problem. Can you create the the keytab with
>> des-cbc-md5,
>> as the W2003 may be only accepting des-cbc-md5 as the e-type,
>> and when used with
>> kinit, kinit may be trying to what it found in the keytab,
>> des-cbc-crc, and w2003
>> will only accept des-cbc-md5.
> No go... Still get preauthentication failed. Also tried changing the
> enctypes options in krb5.conf to only list md5 instead of crc and md5,
> also no change. Password based auth still works fine.
> ________________________________________________
> Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list