Tom Yu wrote: >>>>>>"jaltman2" == Jeffrey Altman <[EMAIL PROTECTED]> writes: > > > jaltman2> It does not make much sense that the KDC is issuing > jaltman2> a ticket protected by 3DES when 3DES is not in the list > jaltman2> of supported enctypes provided in the AS_REQ. > > The "tkt" enctype is that used by the service to decrypt the ticket. > It doesn't matter that the client doesn't understand it (though there > was a bug in our early client code -- krb5-1.0.x? -- that would cause > a client to reject a ticket whose enctype it didn't understand). > > ---Tom
Yes. That is part of the reason why I asked about which enc-types are specified for the principal. The error that was logged to the Windows Event queue stated that the host/[EMAIL PROTECTED] ticket presented to the machine was of type 3DES. Windows does not support 3DES. So if the host/[EMAIL PROTECTED] principal contains 3DES keys, that is a problem that needs to be corrected. Jeffrey Altman -- ----------------- This e-mail account is not read on a regular basis. Please send private responses to jaltman at mit dot edu ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
