message size incompatible with type error for krb5-1.9 lib using Windows 2003 KDC
lukeh at padl.com
Wed Feb 16 20:00:33 EST 2011
> That is 0x2200200.
> You also have the USE_DES_KEY_ONLY bit (0x200000) turned on, so the Windows DC will
> assume the machine can only do DES. So that may be why the PAC signature
> is using DES.
I haven't read the whole thread, but I believe the signature is hard-coded to use RC4-HMAC (at least pre-AES).
More information about the krbdev