krb5 1.15 interop with Windows 2000

Benjamin Kaduk kaduk at
Mon Sep 18 17:52:12 EDT 2017

On Mon, Sep 18, 2017 at 11:06:20PM +0800, Weijun Wang wrote:
> Just tried some different combinations of default_tkt_enctypes. This error only happens when aes256-sha2 is placed before rc4-hmac. All other etypes are safe.
> BTW, the server does not complain with its 1st PREAUTH_REQUIRED response, and in my 2nd AS-REQ, if I provide a wrong password, the error is PASSWORD_INCORRECT. Only if I provide the correct password it returns this error. Seems like it decides to choose etype of 20 but only realize it's not supported after a while.

Just noting that this thread would be on-topic for the kitten at list
if you wanted to mention it there.


More information about the krbdev mailing list