krb5 1.15 interop with Windows 2000

Weijun Wang at
Mon Sep 18 08:49:14 EDT 2017

I am running kinit against a Windows 2000 server and see 

  kinit: KDC has no support for encryption type while getting initial credentials

After I remove the aes-sha2 etypes from default_tkt_enctypes from krb5.conf, kinit succeeds.

Looks like although Windows 2000 uses RC4-HMAC, it is aware of aes-sha1 etypes and allows them in etypes in AS-REQ. However, when aes-sha2 etypes appear there, it fails.

Is this an known issue?


More information about the krbdev mailing list