Auth problem while interop with win2k3
jaltman2 at nyc.rr.com
Fri Sep 24 11:11:56 EDT 2004
Tom Yu wrote:
>>>>>>"jaltman2" == Jeffrey Altman <jaltman2 at nyc.rr.com> writes:
> jaltman2> It does not make much sense that the KDC is issuing
> jaltman2> a ticket protected by 3DES when 3DES is not in the list
> jaltman2> of supported enctypes provided in the AS_REQ.
> The "tkt" enctype is that used by the service to decrypt the ticket.
> It doesn't matter that the client doesn't understand it (though there
> was a bug in our early client code -- krb5-1.0.x? -- that would cause
> a client to reject a ticket whose enctype it didn't understand).
Yes. That is part of the reason why I asked about which enc-types
are specified for the principal. The error that was logged to the
Windows Event queue stated that the host/machine at REALM ticket
presented to the machine was of type 3DES. Windows does not support
3DES. So if the host/machine at REALM principal contains 3DES keys,
that is a problem that needs to be corrected.
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
More information about the Kerberos