message size incompatible with type error for krb5-1.9 lib using Windows 2003 KDC

Luke Howard lukeh at
Wed Feb 16 20:00:33 EST 2011

> That is 0x2200200.
> You also have the USE_DES_KEY_ONLY bit (0x200000) turned on, so the Windows DC will
> assume the machine can only do DES. So that may be why the PAC signature
> is using DES.

I haven't read the whole thread, but I believe the signature is hard-coded to use RC4-HMAC (at least pre-AES).

-- Luke

More information about the krbdev mailing list