> Except the issue here is he's getting a DES_CBC_MD4 session key when he > wants DES_CBC_CRC. The "why" is likely in the code you're quoting - > DES_CBC_MD4 is a "better" enctype, and both sides appear to support it > (since the single-des types are interchangeable).
> I'd be curious to know how the resulting ticket is not "useful"; that is, > what application is being used and what error results when attempting to > use that ticket. Here is the error reported by the user: $ telnet -fax cerberus.ait.iastate.edu Encryption is verbose Trying 129.186.145.115... Connected to cerberus.ait.iastate.edu. Escape character is '^]'. [ Trying mutual KERBEROS5 (host/[EMAIL PROTECTED])... ] [ Kerberos V5 refuses authentication because telnetd: krb5_rd_req failed: Encryption type not permitted ] [ Trying KERBEROS5 (host/[EMAIL PROTECTED])... ] [ Kerberos V5 refuses authentication because telnetd: krb5_rd_req failed: Encryption type not permitted ] John ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
