HELP! Linux KDC error with des-cbc-md5 etype client

Khosrova, Eliza Eliza.Khosrova at cda.canon.com
Wed Oct 25 12:21:58 EDT 2006


Hello,

We are running an MIT Kerberos V5 KDC, installed using the package:
krb5-server - 1.4.3-4.1.i386.

We have a Kerberos client application that runs under Windows.  The
client application can only support des-cbc-md5.  When the client app
sends an AS-REQ using its only supported etype, des-cbc-md5, the KDC
responds with KRB Error: KRB5 KDC_ERR_ETYPE_NOSUPP.

It seems like our Linux KDC by default also needs des-cbc-crc, even
though we only listed des-cbc-md5 in the KDC configuration file.  The
reason is that when we try to authenticate locally on the Linux box using
the same user we tried from our Kerberos client application, the KDC log
file shows the generated AS-REP with etypes (rep=3 tkt=3 ses=1) as shown
below, so it looks like the session, or whatever ses is, is created using
etype=1:

Oct 24 17:27:31 test.server.com krb5kdc[3116](info): AS_REQ (2 etypes {3
1}) 111.222.33.44: ISSUE: authtime 1161736051, etypes {rep=3 tkt=3
ses=1}, test at SERVER.COM for krbtgt/EA49.COM at EA49.COM

If we change krb5.conf on the Linux box for the test user to list only
the des-cbc-md5 etype and remove des-cbc-crc, then we can no longer log
in, even locally from the Linux box.  So it seems like the KDC requires
the client to support etype 1, which is des-cbc-crc.

Any suggestions on how to make or force our Linux KDC to only use
des-cbc-md5 for everything and not use des-cbc-crc?

Thanks in advance for your prompt response.
Eliza
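
Added example, not part of the original post: a small Python parser for krb5kdc log entries like the one quoted above. It decodes the offered and issued enctype numbers and reports which of them a client with a given etype list cannot handle. The function names (parse_kdc_line, unusable_by, report) are hypothetical, and the sample is the post's own log line.

```python
import re

# Enctype numbers from the IANA Kerberos registry (RFC 3961/3962/4757).
ETYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
          16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
          18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
SINGLE_DES = {1, 2, 3}  # single-DES enctypes, deprecated by RFC 6649

REQ_RE = re.compile(r"\b(AS_REQ|TGS_REQ) \(\d+ etypes \{([\d ]+)\}\)")
ISSUE_RE = re.compile(r"etypes \{rep=(\d+) tkt=(\d+) ses=(\d+)\}")

# The log line from the post, with the mail wrapping left in place.
SAMPLE = """Oct 24 17:27:31 test.server.com krb5kdc[3116](info): AS_REQ (2 etypes {3
1}) 111.222.33.44: ISSUE: authtime 1161736051, etypes {rep=3 tkt=3
ses=1}, test at SERVER.COM for krbtgt/EA49.COM at EA49.COM"""


def parse_kdc_line(line):
    """Return offered and issued enctypes from one krb5kdc log entry."""
    line = " ".join(line.split())  # undo line wrapping
    req = REQ_RE.search(line)
    if req is None:
        return None
    issue = ISSUE_RE.search(line)
    issued = None
    if issue:
        # rep = key encrypting the reply, tkt = key encrypting the ticket,
        # ses = enctype of the session key handed to the client.
        issued = dict(zip(("rep", "tkt", "ses"), map(int, issue.groups())))
    return {"request": req.group(1),
            "offered": [int(n) for n in req.group(2).split()],
            "issued": issued}


def unusable_by(parsed, client_etypes):
    """Fields the client must handle itself (rep, ses) but does not support.
    tkt is skipped: the ticket is opaque to the client."""
    issued = parsed["issued"] or {}
    return [f for f in ("rep", "ses")
            if f in issued and issued[f] not in client_etypes]


def report(parsed):
    """Readable names for the issued enctypes, marking single-DES ones."""
    return {f: ETYPES.get(n, "etype-%d" % n)
            + (" (single DES)" if n in SINGLE_DES else "")
            for f, n in (parsed["issued"] or {}).items()}


if __name__ == "__main__":
    p = parse_kdc_line(SAMPLE)
    print(p["offered"], report(p), unusable_by(p, {3}))
```

For the quoted entry, a client limited to etype 3 is left with a session key (ses) it cannot use, while a client supporting both 1 and 3 has nothing flagged.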
          



