Unable to have KDC use different enctype for session/service key
hartmans at MIT.EDU
Tue Sep 17 12:07:01 EDT 2002
>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
>> If you have central applications what I'd suggest doing is
>> getting both 3des and des session key tickets at the same
>> timewhen a new client kinits.
Ken> Hm, well, that seems like it could work. Is there a way to
Ken> do that? I mean, I thought you could only have one session
Ken> key per ticket.
Well, from the command line
kvno -e des-cbc-crc krbtgt/realm at realm
There is not currently an option to do that at initial credentials
time, but such an option seems potentially useful for migrations.
More information about the krbdev