On Tuesday, May 16, 2006 05:32:45 PM -0400 Jeff Blaine <[EMAIL PROTECTED]> wrote:
> I guess this is what I want: > > http://www.ietf.org/internet-drafts/draft-zhu-kerb-enctype-nego-04.txt Actually, this doesn't help with your problem. The mechanism described in that document allows a client and server to negotiate use of an enctype for communications with each other even when that enctype is not supported by the KDC. The problem you're having is that the KDC believes your service supports the des3-hmac-sha1 enctype, and so encrypts service tickets using that enctype. By design, there is nothing a client can do to influence the enctype used by the KDC to communicate with a service. -- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
