Unable to have KDC use different enctype for session/service key
Sam Hartman
hartmans at MIT.EDU
Tue Sep 17 12:07:01 EDT 2002
>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
>> If you have central applications what I'd suggest doing is
>> getting both 3des and des session key tickets at the same
>> timewhen a new client kinits.
Ken> Hm, well, that seems like it could work. Is there a way to
Ken> do that? I mean, I thought you could only have one session
Ken> key per ticket.
Well, from the command line
kinit foo
kvno -e des-cbc-crc krbtgt/realm at realm
There is not currently an option to do that at initial credentials
time, but such an option seems potentially useful for migrations.
More information about the krbdev
mailing list