How to prevent getting rc4-hmac data

[Sam Hartman]

>>>>> "Neulinger," == Neulinger, Nathan <nneul at umr.edu> writes:

    Neulinger,> You know of any way to request des only from the
    Neulinger,> client side with gssapi? I can set the DES-only flag
    Neulinger,> in AD if necessary, but have not yet needed to.

Yes I do, but the correct fix is to set the DES only flag unless all
the services on that host can actually accept RC4.

The KDC and server must agree on what enctypes are supported by the
service.