Incompatibility between krb's AES256-CTS-HMAC-SHA1-96 and Microsoft Windows Domain
iboukris at gmail.com
Fri Nov 10 01:42:41 EST 2017
On Fri, Nov 10, 2017 at 7:08 AM, Ido Shlomo <shloim at gmail.com> wrote:
> Thank you. I understand the options, but I am not familiar with tools that
> may do that automatically. (currently this entire process is automated using
> shell scripts).
If you know the salt and it is different than what ktutil uses, then
you may be able to build the ktutil from git master which let's you
specify the salt.
For troubleshooting, i'd still suggest to try kinit and see what salt
the actually is, like:
KRB5_TRACE=/dev/stdout kinit principal |grep salt
More information about the krbdev