krb5 1.15 interop with Windows 2000
kaduk at mit.edu
Mon Sep 18 17:52:12 EDT 2017
On Mon, Sep 18, 2017 at 11:06:20PM +0800, Weijun Wang wrote:
> Just tried some different combinations of default_tkt_enctypes. This error only happens when aes256-sha2 is placed before rc4-hmac. All other etypes are safe.
> BTW, the server does not complain with its 1st PREAUTH_REQUIRED response, and in my 2nd AS-REQ, if I provide a wrong password, the error is PASSWORD_INCORRECT. Only if I provide the correct password it returns this error. Seems like it decides to choose etype of 20 but only realize it's not supported after a while.
Just noting that this thread would be on-topic for the kitten at ietf.org list
if you wanted to mention it there.
More information about the krbdev