Please learn to properly quote messages from other people. [EMAIL PROTECTED] wrote: > Hi , > > There should be no reason why you want or need to restrict the > enctypes in a krb5.conf file. Doing so will only create a severe > maintenance problem once you realize that DES encryption is too weak > for continued use. >>> Do you mean that there is no need to specify the default_xxx_enctypes in >>> conf file ? > Could you please confirm ?
confirmed. > > What command line did you use? >>> c:\>ktpass -princ sample/[EMAIL PROTECTED] -mapuser sample -pass <password> >>> -out sample.keytab > > This is because you did not specify the correct kvno value when you > executed ktpass.exe. Before executing ktpass.exe using the "kvno" > tool to determine what key version number is being issued by Active > Directory. >>> I tried to use kvno on windows 2003 to find the version number, but it was >>> asking for ccache. I didnt know what to give for ccache. Could you please >>> tell me how to use it ? Install MIT Kerberos for Windows. Execute "kinit <principal>" where <principal> is a client principal for which you know the password and can obtain a TGT. This will create for you a credential cache. kvno will not ask you for a credential cache unless it cannot find one with a valid TGT. "kvno sample/[EMAIL PROTECTED]" will report the key version number of the service ticket for "sample/[EMAIL PROTECTED]" it was able to obtain using the TGT for <principal> obtained above. Jeffrey Altman ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
