On Wed, 22 Oct 2003 17:08:18 +0000, Sam Hartman wrote:
Alright I have found this same problem. Kerberos 5 v1.3.1 from MIT.
I am trying to get SAMBA 3.0.x running with a Windows 2003 Active
Directory but it is running in Native 2003 Mode. I am getting decrypt
integrity failed errors when I run from the the samba stuff but I can
kinit correctly.
-------------------------------------------
[EMAIL PROTECTED] ~]# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
10/22/03 16:39:31 10/23/03 02:39:34 krbtgt/[EMAIL PROTECTED]
renew until 10/22/03 17:39:31, Etype (skey, tkt): DES cbc mode with CRC-32,
ArcFour with HMAC/md5
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
-----------------------------------------
Anyone know what is going on here? The samba people seem to be clueless
and seem to think that it works with 2003 in native 2003 mode.
aarghhhh.
>>>>>> "Tim" == Tim Clarke <[EMAIL PROTECTED]> writes:
>
> Tim> How do I change the tkt etype to be DES-CBC-CRC
>
> You don't. Or at least a reasonable Kerberos implementation does not
> allow the client to influence the tkt enctype. If it does, then the
> client may force the KDC to use a ticket key that is weaker or easier
> to attack.
>
> Microsoft's implementation may expose this, but if it does it is only
> for interoperability with broken Kerberosenvironments.
>
> ________________________________________________
> Kerberos mailing list [EMAIL PROTECTED]
> https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
