[SOLVED] Problem with stand-alone Windows 2003 client authenticating to MIT KDC
Sean M. Pappalardo
spappalardo at renegadetech.com
Wed Apr 17 13:26:51 EDT 2013
Hello once again.
Thanks to cclausen of the MIT Kerberos team, the problem was that my
host principal contained encryption types that Server 2003 doesn't
support, specifically "AES-256 CTS mode with 96-bit SHA-1 HMAC."
Re-creating the host principal without that encryption type (using only
"ArcFour with HMAC/md5" and "Triple DES cbc mode with HMAC/sha1") did
the trick. (So I added "-e arcfour-hmac:normal,des3-cbc-sha1:normal" to
the addprinc command.)
THANK YOU SO MUCH!!
Sincerely,
Sean M. Pappalardo
Sr. Networks Engineer
Renegade Technologies
spappalardo at renegadetech.com
Office: (630) 631-6188
http://www.renegadetech.com
<<--------------------------------------------------------------------------------->>
This E-Mail message has been scanned for viruses & content
and cleared by >>smaRTmail<< from Renegade Technologies
http://www.renegadetech.com/
<<--------------------------------------------------------------------------------->>
More information about the Kerberos
mailing list