"key type not supported" and XP SP2 changes ?

Sam Hartman hartmans at MIT.EDU
Tue Sep 7 18:56:07 EDT 2004

>>>>> "Tim" == Tim Alsop <Tim.Alsop at cybersafe.ltd.uk> writes:

    Tim> Jeffrey, Sorry to be confusing. Our code is not requesting a
    Tim> tgt, but I know for a fact that setting AllowTGTSessionKey to
    Tim> 0 on XP SP2 (the default setting) causes our code to work as
    Tim> required, but setting it to 1 causes it to complain with "key
    Tim> type not supported". My explanation I have given so far has
    Tim> been based on my assumptions from this test - maybe wrongly,
    Tim> but I am trying to draw a conclusion and it seems likely to
    Tim> me that if the key is not exported we don't give an error
    Tim> because we don't see the RC4 key. 

Why don't you modify your code to map unsupported key types to the
same null key type you get when you try to look at the key and
AllowTGTSessionKey is set to 0?  I.E. emulate the behavior you desire.


More information about the Kerberos mailing list