GSS-API and 3DES
hartmans at MIT.EDU
Fri Oct 4 16:43:01 EDT 2002
des3-cbc-raw is always wrong to use as a key; it is an internal enctype that you should never put in supported_enctypes in your kdc.conf.
Yes, des3-cbc-sha1 is known to work for GSSAPI. I suspect you have
overly restrictive default_tgs_enctypes or default_tkt_enctypes on
your client; comment them out and see what happens.
If that doesn't work ask for help on kerberos at mit.edu.
More information about the krbdev