thank you for the good information here. It works just as you described. I wonder what trigger the change in API. -peter
""Paul B. Hill"" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > The default behavior of the APIs used by MS2MIT have changed in Win2k3. > > If you set HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ > AllowTgtSessionKey = 1 (REG_DWORD) > > Then ms2mit will be able to propagate the session key into the MIT cache. > > Paul > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Peter Huang > Sent: Wednesday, December 03, 2003 6:12 PM > To: [EMAIL PROTECTED] > Subject: more etype question > > When I do ms2mit.exe to get kerberos ticket from win2k3, I get the something > like > > renew until 12/10/03 14:51:08, Etype (skey, tkt): etype 0, ArcFour > with MAC/md5 > > However, if I do a kinit against win2k3, I get something like > renew until 12/04/03 14:54:01, Etype (skey, tkt): ArcFour with > HMAC/md5, ArcFour with HMAC/md5 > > > It seems to me that ms2mit.exe is not doing the right thing by not having > the proper skey type. However, it could be the ticket cache from MS which > does not have the enc key type. Could someone mind tell me what is going on > here?. > > thanks > -peter huang > > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
