kerberos/spnego sso closer
John User
johnuser755 at yahoo.com
Thu Sep 7 10:51:35 EDT 2006
Michael,
Not really sure myself. Did talk to a BEA rep and was
given the same response, with the following
additional info:
when running ktpass on Win2k3 server and not setting
the encryption type, the default is: des-cbc-crc.
He could not answer why it made a difference though.
But FYI re your regeneration point: prior to this we
had regenerated the key a lot - though we never
actually specified the encryption type.
The only other change that accompanied this was the
encryption type being set to des-cbc-md5 in the
/etc/krb5.conf file on the Linux box.
--- Michael B Allen <mba2000 at ioplex.com> wrote:
> On Tue, 5 Sep 2006 22:30:33 -0700 (PDT)
> John User <johnuser755 at yahoo.com> wrote:
>
> >
> > Maybe a step closer:
> > when running ktpass used crypto type des-crc-md5
> > There is now a session ticket available to both IE and
> > Firefox.
>
> I don't really understand this since neither IE nor FF have
> knowledge of the enctype until they actually try to get a ticket. It
> also shouldn't make any difference what the enctype is. I suspect the
> client was in fact trying to get a ticket but was failing and resetting
> the password / regenerating the key resolved the problem.
>
> Mike
>
> --
> Michael B Allen
> PHP Active Directory SSO
> http://www.ioplex.com/
>
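
One way to see which enctype a ktpass-generated keytab entry actually carries and compare it with the enctypes set in /etc/krb5.conf, as an added example that is not part of the original messages. It assumes the keytab file format version 0x0502; the function names are hypothetical, and the principal, realm and key bytes are constructed sample values.

```python
import struct

# Kerberos enctype numbers; only a few common ones are listed here.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def counted(buf, off):
    """Read a uint16 length-prefixed field; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def keytab_entries(data):
    """Return [(principal, kvno, enctype)] from keytab format 0x0502 bytes."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:              # negative size marks a deleted entry (hole)
            off += -size
            continue
        end = off + size
        realm, p = counted(data, off + 2)
        parts = []
        for _ in range(struct.unpack_from(">H", data, off)[0]):  # components
            comp, p = counted(data, p)
            parts.append(comp.decode())
        p += 8                     # skip name_type (4) and timestamp (4)
        kvno, etype = struct.unpack_from(">BH", data, p)
        _key, p = counted(data, p + 3)
        if end - p >= 4:           # optional 32-bit kvno, used when non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        name = "/".join(parts) + "@" + realm.decode()
        out.append((name, kvno, ENCTYPES.get(etype, "etype-%d" % etype)))
        off = end
    return out

def mismatched(entries, allowed):
    """Entries whose enctype is absent from the configured enctype list."""
    return [e for e in entries if e[2] not in allowed]

def sample_keytab():
    # Constructed entry: HTTP/web.example.com@EXAMPLE.COM, kvno 3, des-cbc-crc
    c = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + c(b"EXAMPLE.COM") + c(b"HTTP")
            + c(b"web.example.com") + struct.pack(">IIBH", 1, 0, 3, 1)
            + c(bytes(8)))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

Calling `mismatched(keytab_entries(open(path, "rb").read()), allowed)` with the enctype names from krb5.conf lists the keytab entries the configured enctypes would not cover.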