GSSAPI interoperability problem between Java 1.5 & MIT Kerberos

[Ken Hornstein]

>I do agree it is sub-optimal that the MIT implementation does not
>support des-mac.  I'm not at all sure it is worth fixing; it would be
>years before we got the fix everywhere and it does not seem that DES's
>lifetime is that long.

In addition, it doesn't seem to me that there's a way to discover if the
remote site supports des-mac, and the RFC does indicate that not every
implementation supports it.  Given that, if you want to hax maximum
interoperability, it seems to me that you should never use it.

--Ken