Why don't you want to support AES in the GSS Kerberos mechanism? On Fri, 18 Apr 2003, Ken Raeburn wrote: > The current plan for MIT's 1.3 release is to include AES support in > the krb5 library, and have it turned on by default, but no support in > the GSS Kerberos mechanism. It's looking like this combination could > be a problem. > > ...