another similar enctype issue

Sam Hartman hartmans at MIT.EDU
Wed Sep 28 17:54:33 EDT 2005

It's not clear to me that your fix is correct.  Your fix causes the
client to actually use des-cbc-md5 even though the client only is
permitted to use des-cbc-crc by policy.

There appears to be code in our KDC at least to return des-cbc-crc
preauth if there is a des-cbc-md5 key and vice versa.  This code will
never return a key the client did not request.

So, I tend to consider this a KDC side issue not a client side issue.

More information about the krbdev mailing list