Aqcuiring a TGT for a host/ principal using Active Directory

Michael B Allen ioplex at gmail.com
Wed Apr 8 13:35:16 EDT 2009


On Wed, Apr 8, 2009 at 12:54 PM, John Hefferman <john.hefferman at cern.ch> wrote:
> Dear All,
>
> The problem was definitely related to the bug with SP1, as after
> applying the hotfix and specifying +DesOnly when running ktpass, kinit
> -kt works fine.

I don't know why you should have to specify DES. The default of RC4
should work just fine unless you're using a very old Kerberos library
on the client. Or maybe you accidentally specified in your krb5.conf
that only DES enctypes should be used?

DES is basically deprecated. If I'm not mistaken I think Heimdal has
actually removed DES support.

You're setting yourself up for a migration migraine.

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/



More information about the Kerberos mailing list