>An interesting interoperability wrinkle arises if you have any Windows
>2K/XP machines with native kerberos libraries (not KfW) pointed at
>your MIT KDC for authentication. In my experiments a few months ago,
>such machines *fail* to get tickets if the first enctype listed in the
>KDC's 'supported_enctypes' is not 'des-cbc-crc:normal'.
>
>In other words, when I tried reversing the order of 'supported_enctypes'
>like this:
>
>    supported_enctypes = aes256-cts:normal des3-cbc-sha1:normal \
>        des-cbc-crc:normal

Hrm. I've definitely made it work without des-cbc-crc in the front.

>I found that native windows clients could no longer authenticate to the
>KDC. Perhaps Vista will support enctypes other than single DES...

Didn't try arcfour, did you?

--Ken
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
