Turning off "Use DES encryption types" on domain controller

Ali Akhavan alia at simba.com
Thu Mar 31 14:10:34 EDT 2011


Hello everyone, 

  I have a Java GSS client that establishes a security context using
Kerberos with a C++ server. The server uses SSPI libraries from Windows
to accept the security token sent by the client. The service account
that I use for the server has the flag "Use DES encryption types for
this account" checked on the domain controller. And everything works as
expected.

 

Now the problem is that when I uncheck this option on DC, the server is
no longer able to accept the binary token that client sends to it. The
error returns from SSPI Kerberos AcceptSecurityContext function is
0x8009030e which indicates that credentials are not available on the
server. I can only think that the server is no longer able to decrypt
the token sent by the client, but don't know how to resolve it. 

 

Any ideas ? 

 

Thanks 

Ali

 

 

Ali Akhavan | Computer Scientist | Simba Technologies Inc. 
Email: alia at simba.com <mailto:toari at simba.com>   
Tel +1.604.633.0008 ext. 239 | Fax +1.604.633.0004

 

938 West 8th Avenue | Vancouver, BC | Canada | V5Z 1E5

Your Competitive Advantage for Data Connectivity Solutions
www.simba.com <http://www.simba.com/> 

 

This email message is for the sole use of the intended recipient(s) and
may contain confidential and privileged information.  Any unauthorized
review, use, disclosure, or distribution is prohibited.  If you are not
the intended recipient, please contact the sender by reply email and
destroy all copies of the original message.  Thank you.

 




More information about the Kerberos mailing list