Unable to have KDC use different enctype for session/service key

Ken Hornstein kenh at cmf.nrl.navy.mil
Tue Sep 17 13:03:00 EDT 2002

>Interesting.  I thought that got fixed about the same time that we
>stopped confusing the ticket encryption type with the session key

That was probably in the 1.1 timeframe, right?  My "old" clients are
1.0.6-vintage.  Yes, they need to be hunted down and killed, eventually ...
but that's still a ways off.

A code inspection of the new library leads me to believe that if I made
the single-DES enctype be first in the credential cache, that would be
the one that would be used even by clients supporting 3DES.  Given
_that_ (assuming I'm right, and it's certainly possible that I'm not),
is there another option?  (Other than restricting session key enctypes
on the KDC, which right now seems like my only choice).


More information about the krbdev mailing list