GSSAPI interoperability problem between Java 1.5 & MIT Kerberos

Ken Hornstein kenh at
Tue Jan 10 17:39:42 EST 2006

>>You know, we did try it with other encryption types (at least for the LDAP
>>service key in question), but that didn't change anything.
>Did you try with following Kerberos configuration :
>default_tkt_enctypes = des-cbc-md5
>default_tgs_enctypes = des-cbc-md5

Err .. it's really difficult to get an MIT KDC to generate a des-cbc-md5
session key.  At least, it was when I tried to do it, and it caused so many
problems last time I tried I didn't even think about it.  I'll ask the
developer in question to try it.

>>Great!  Do you know when it will be fixed?  Also, what version of Java will
>>include this fix?
>Plan to fix this in Java SE 6 and Java 5.0 Update release.



More information about the krbdev mailing list