another similar enctype issue
hartmans at MIT.EDU
Wed Sep 28 17:54:33 EDT 2005
It's not clear to me that your fix is correct. Your fix causes the
client to actually use des-cbc-md5 even though the client only is
permitted to use des-cbc-crc by policy.
There appears to be code in our KDC at least to return des-cbc-crc
preauth if there is a des-cbc-md5 key and vice versa. This code will
never return a key the client did not request.
So, I tend to consider this a KDC side issue not a client side issue.
More information about the krbdev