The default behavior of the APIs used by MS2MIT have changed in Win2k3. If you set HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ AllowTgtSessionKey = 1 (REG_DWORD)
Then ms2mit will be able to propagate the session key into the MIT cache. Paul -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Huang Sent: Wednesday, December 03, 2003 6:12 PM To: [EMAIL PROTECTED] Subject: more etype question When I do ms2mit.exe to get kerberos ticket from win2k3, I get the something like renew until 12/10/03 14:51:08, Etype (skey, tkt): etype 0, ArcFour with MAC/md5 However, if I do a kinit against win2k3, I get something like renew until 12/04/03 14:54:01, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 It seems to me that ms2mit.exe is not doing the right thing by not having the proper skey type. However, it could be the ticket cache from MS which does not have the enc key type. Could someone mind tell me what is going on here?. thanks -peter huang ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
