krb5 1.15 interop with Windows 2000
weijun.wang at oracle.com
Mon Sep 18 08:49:14 EDT 2017
I am running kinit against a Windows 2000 server and see
kinit: KDC has no support for encryption type while getting initial credentials
After I remove the aes-sha2 etypes from default_tkt_enctypes from krb5.conf, kinit succeeds.
Looks like although Windows 2000 uses RC4-HMAC, it is aware of aes-sha1 etypes and allows them in etypes in AS-REQ. However, when aes-sha2 etypes appear there, it fails.
Is this an known issue?
More information about the krbdev