Auth problem while interop with win2k3

Jeffrey Altman jaltman2 at
Fri Sep 24 11:11:56 EDT 2004

Tom Yu wrote:

>>>>>>"jaltman2" == Jeffrey Altman <jaltman2 at> writes:
> jaltman2> It does not make much sense that the KDC is issuing
> jaltman2> a ticket protected by 3DES when 3DES is not in the list
> jaltman2> of supported enctypes provided in the AS_REQ.
> The "tkt" enctype is that used by the service to decrypt the ticket.
> It doesn't matter that the client doesn't understand it (though there
> was a bug in our early client code -- krb5-1.0.x? -- that would cause
> a client to reject a ticket whose enctype it didn't understand).
> ---Tom

Yes. That is part of the reason why I asked about which enc-types
are specified for the principal.  The error that was logged to the
Windows Event queue stated that the host/machine at REALM ticket
presented to the machine was of type 3DES.  Windows does not support
3DES.  So if the host/machine at REALM principal contains 3DES keys,
that is a problem that needs to be corrected.

Jeffrey Altman

This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu

More information about the Kerberos mailing list