Restarting the service on the server resolved this issue. I can see with wireshark that the type of ticket encryption has been changed from DES to RC4-HMAC.
Thanks, From: Ali Akhavan Sent: March-31-11 11:11 AM To: '[email protected]' Subject: Turning off "Use DES encryption types" on domain controller Sensitivity: Confidential Hello everyone, I have a Java GSS client that establishes a security context using Kerberos with a C++ server. The server uses SSPI libraries from Windows to accept the security token sent by the client. The service account that I use for the server has the flag "Use DES encryption types for this account" checked on the domain controller. And everything works as expected. Now the problem is that when I uncheck this option on DC, the server is no longer able to accept the binary token that client sends to it. The error returns from SSPI Kerberos AcceptSecurityContext function is 0x8009030e which indicates that credentials are not available on the server. I can only think that the server is no longer able to decrypt the token sent by the client, but don't know how to resolve it. Any ideas ? Thanks Ali Ali Akhavan | Computer Scientist | Simba Technologies Inc. Email: [email protected] <mailto:[email protected]> Tel +1.604.633.0008 ext. 239 | Fax +1.604.633.0004 938 West 8th Avenue | Vancouver, BC | Canada | V5Z 1E5 Your Competitive Advantage for Data Connectivity Solutions www.simba.com <http://www.simba.com/> This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Thank you. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
