Aqcuiring a TGT for a host/ principal using Active Directory
Michael B Allen
ioplex at gmail.com
Wed Apr 8 13:35:16 EDT 2009
On Wed, Apr 8, 2009 at 12:54 PM, John Hefferman <john.hefferman at cern.ch> wrote:
> Dear All,
>
> The problem was definitely related to the bug with SP1, as after
> applying the hotfix and specifying +DesOnly when running ktpass, kinit
> -kt works fine.
I don't know why you should have to specify DES. The default of RC4
should work just fine unless you're using a very old Kerberos library
on the client. Or maybe you accidentally specified in your krb5.conf
that only DES enctypes should be used?
DES is basically deprecated. If I'm not mistaken I think Heimdal has
actually removed DES support.
You're setting yourself up for a migration migraine.
Mike
--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
More information about the Kerberos
mailing list