Calimer, Thankyou. We have been using kerbtray. I am pleased that you are able to see same problem, but was hoping you (or somebody else) could give us a solution. I am aware that there are some registry hacks available from MS to change the behaiviour of Kerberos, so I wondered if such a registry key existed to cause forwarded tgt to be issued using same key types as the initial tgt. Also, if we could disable rc4 on Active Directory somehow this might help us.
Tim. "Calimer0" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > The actual issue is not on the intiial tgt, but on the tgt obtained when the > initial tgt is forwarded. > On IIS we receive the forwarded tgt, but the keytype for the forwarded copy > of the initial tgt seems to be RC4-HMAC and not DES. I've tried in my little test network and I've got the same strange behaviour: the forwarded ticket granting ticket is encrypted with RC4, even if the session key in still encrypted with DES. Sorry, I'm not able to help you. Just a little tip: if you need to know what tickets are in your credential cache you can use kerbtray or a network sniffer like ethereal. you can find kerbtray from microsoft here: http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/kerbtray-o.asp ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
