Unable to have KDC use different enctype for session/service key

Ken Hornstein kenh at cmf.nrl.navy.mil
Tue Sep 17 11:59:00 EDT 2002

>If you have central applications what I'd suggest doing is getting
>both 3des and des session key tickets at the same timewhen a new
>client kinits.

Hm, well, that seems like it could work.  Is there a way to do that?
I mean, I thought you could only have one session key per ticket.

>I'd also consider moving towards shared libraries for krb5.

Uh, I do.  That doesn't help when:

- The shared library version number changes (libkrb5 went from 1.0 to 3.1)
- The libraries change names (libcrypto went to libk5crypto)
- The API changes (old crypto versus new crypto).


More information about the krbdev mailing list