Win 2008R2 kdc and linux client: no support for encryption type while getting initial credentials - SOLVED
Lars Schimmer
l.schimmer at cgv.tugraz.at
Thu Mar 25 04:22:51 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael B Allen wrote:
> On Mon, Mar 22, 2010 at 12:01 PM, Lars Schimmer
> <l.schimmer at cgv.tugraz.at> wrote:
>> Hi!
>>
>> Just want to note here, that problem was solved with a (not yet public)
>> patch from Microsoft.
>> http://support.microsoft.com/?kbid=978055
>>
>> Go and ask your Microsoft Support for it.
>>
>> Looks like it only happens on x64 servers.
>
> Hi Lars,
>
> Actually I would not be surprised if that "hot fix" is never made
> public. DES is being phased out. If you have any Windows accounts that
> use DES, you should update them to AES-256, AES-128 or RC4 in that
> order of preference.
As others already posted, I need DES enctypes for OpenAFS.
OpenAFS is already on the way to be able to use newer/better/safer
enctypes, but it cannot change overnight.
Thanks to Jeffrey Altman for the notice about patch being published by MS.
And as addendum: patch is needed if you run a Win2003 Server and a
Win2008R2 x64 server and you need DES enctypes.
> Mike
>
MfG,
Lars Schimmer
- --
- -------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405 E-Mail: l.schimmer at cgv.tugraz.at
Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkurHVsACgkQmWhuE0qbFyOTawCfW90WG8IEOZyF0FyEhoJBN3xw
+6QAni2wmC3kWM7A3ldNCjCHflTr4pjL
=EzWk
-----END PGP SIGNATURE-----
More information about the Kerberos
mailing list