Jeffrey Watts <[email protected]> writes: > Their computer account entries are very similar. Here's the contents of the > krb5.keytab: > # klist -k > Keytab name: FILE:/etc/krb5.keytab > KVNO Principal > ---- > -------------------------------------------------------------------------- > 2 host/[email protected] > 2 host/[email protected] > 2 host/[email protected] > 2 host/[email protected] > 2 host/[email protected] > 2 host/[email protected] > 2 [email protected] > 2 [email protected] > 2 [email protected]
Could you repeat this with "klist -k -e"? This will show the enctypes for each entry in the keytab. Do the enctype lists differ on different hosts? > Could you explain the single-DES issue a bit more? Is that something that > needs to be enabled? I believe that starting with 2008R2 has single-DES disabled as "legacy" on AD Kerberos principals by default, as single-DES is no longer NIST-approved and no longer provides adequate security. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
