Greg Hudson ghudson at MIT.EDU
Fri Jan 18 15:21:39 EST 2013

On 01/17/2013 05:36 PM, Abhilash S wrote:
> We have some issues with "des-cbc-md5" encryption in key tab auth.
> When we try to use key tab, KDC throwing error as BAD_ENCRYPTION_TYPE .
> we have "*allow_weak_crypto = true" *in the krb config file which is
> mentioned below
> I have renamed realm name with "EX.COM" in config
> kdc version : 1.10.3

What client implementation and version?

Due to a very old interoperability issue, our KDC mostly refuses to
issue des-cbc-md5 session keys (I say "mostly" because you can override
this with the session_enctypes string attribute in 1.11).

More information about the krbdev mailing list