"key type not supported" and XP SP2 changes ?
Sam Hartman
hartmans at MIT.EDU
Tue Sep 7 18:56:07 EDT 2004
>>>>> "Tim" == Tim Alsop <Tim.Alsop at cybersafe.ltd.uk> writes:
Tim> Jeffrey, Sorry to be confusing. Our code is not requesting a
Tim> tgt, but I know for a fact that setting AllowTGTSessionKey to
Tim> 0 on XP SP2 (the default setting) causes our code to work as
Tim> required, but setting it to 1 causes it to complain with "key
Tim> type not supported". My explanation I have given so far has
Tim> been based on my assumptions from this test - maybe wrongly,
Tim> but I am trying to draw a conclusion and it seems likely to
Tim> me that if the key is not exported we don't give an error
Tim> because we don't see the RC4 key.
Why don't you modify your code to map unsupported key types to the
same null key type you get when you try to look at the key and
AllowTGTSessionKey is set to 0? I.E. emulate the behavior you desire.
--Sam
More information about the Kerberos
mailing list