GSSAPI interoperability problem between Java 1.5 & MIT Kerberos

Ken Hornstein kenh at
Wed Jan 11 10:34:39 EST 2006

>I do agree it is sub-optimal that the MIT implementation does not
>support des-mac.  I'm not at all sure it is worth fixing; it would be
>years before we got the fix everywhere and it does not seem that DES's
>lifetime is that long.

In addition, it doesn't seem to me that there's a way to discover if the
remote site supports des-mac, and the RFC does indicate that not every
implementation supports it.  Given that, if you want to hax maximum
interoperability, it seems to me that you should never use it.


More information about the krbdev mailing list