GSSAPI on Linux using Windows AD Servers as KDCs - Errors about Keytab Entries
Jason D. McCormick
jason at devrandom.org
Mon Jan 7 10:58:32 EST 2008
Douglas E. Engert wrote:
> The problem might be that on the AD account the UserAccountControl flag
> does not have the USE_DES_KEY_ONLY 0x200000 set, so AD is returning an
> ArcFour ticket, which is not in the keytab. ktpass has a /DESOnly option
> to set this.
>
> See kb 305144 too.
I'll give that a shot, thanks.
> Why are you using DES? All the newer Kerberos can use ArcFour. So try
> ktpass without the crypto option.
Do you know if the Linux NFSv4 stuff can use ArcFour? I've only been
able to find (older - circa '06) docs that state the only working type
is des-cbc-crc.
- Jason
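
The mismatch discussed in this thread can be checked against a keytab directly. This is an added example, not code from either poster: it parses the MIT keytab file format (version 0x0502), lists the encryption type of each entry, and flags the case where the account is not DES-only and the keytab holds no arcfour-hmac key. The function names, the sample principal nfs/host@EXAMPLE.COM and the UserAccountControl value used in the demo are constructed assumptions.

```python
import struct

ARCFOUR_HMAC = 23            # Kerberos etype number for arcfour-hmac (RC4-HMAC)
USE_DES_KEY_ONLY = 0x200000  # UserAccountControl bit named in the thread

def _counted(buf, off):
    """Read a uint16-length-prefixed field; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def keytab_etypes(data):
    """Return [(principal, kvno, etype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:                 # negative size marks a deleted slot
            off += -size
            continue
        end = off + size
        (ncomp,) = struct.unpack_from(">H", data, off)
        realm, p = _counted(data, off + 2)
        comps = []
        for _ in range(ncomp):
            c, p = _counted(data, p)
            comps.append(c.decode())
        p += 8                        # skip name type and timestamp
        kvno = data[p]
        etype, klen = struct.unpack_from(">HH", data, p + 1)
        p += 5 + klen
        if end - p >= 4:              # optional 32-bit kvno, used when nonzero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        out.append(("/".join(comps) + "@" + realm.decode(), kvno, etype))
        off = end
    return out

def likely_mismatch(entries, uac):
    """Thread's hypothesis: account not DES-only, keytab has no ArcFour key."""
    return not (uac & USE_DES_KEY_ONLY) and all(e != ARCFOUR_HMAC for _, _, e in entries)

def sample_entry(etype):
    """Constructed entry for nfs/host@EXAMPLE.COM with an all-zero 8-byte key."""
    body = struct.pack(">H", 2) + b"\x00\x0bEXAMPLE.COM\x00\x03nfs\x00\x04host"
    body += struct.pack(">IIBHH", 1, 0, 3, etype, 8) + bytes(8)
    return struct.pack(">i", len(body)) + body

if __name__ == "__main__":
    entries = keytab_etypes(b"\x05\x02" + sample_entry(1))  # 1 = des-cbc-crc
    print(entries, likely_mismatch(entries, 0x200))
```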