kerberos preauthentication IIS

Sam Hartman hartmans at MIT.EDU
Wed Nov 12 23:46:03 EST 2008

Setting the default_tgs_enctypes and the default_tkt_enctypes is a fairly bad idea from a security standpoint.
It forces you to use DES, which is fairly insecure at this point rather than RC4.

Also, krb5_get_in_tkt is a deprecated API; use krb5_get_init_creds_password instead.

More information about the krbdev mailing list