"Mark" == Mark Hendricks <[EMAIL PROTECTED]> writes:
Mark> -e des:normal krbtgt/<AD><REALM>
I'm not sure what problem this is designed to fix, but it sounds like a bad idea from a security standpoint. It will certainly mask a large class of configuration or interoperability problems.
But pretty much all the Kerberos implementations have advanced to a point where with even vaguely modern software, this sort of solution is unnecessary.
All the implementations except for the Java Kerberos implementation and perhaps some implementation that Oracle might be shipping.
Not to say that forcing the use of des-cbc-crc is a good idea, its not. Just pointing out that there are still interop problems based entirely in the implemented set of enctypes.
Jeffrey Altman
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
