On 6/19/2011 7:06 AM, Mark Davies wrote: > On Saturday 18 June 2011 06:08:33 Douglas E. Engert wrote: >>> surely the rc4-hmac type should be supported? >> >> Yes it should be. But when you setup the cross realm trust, >> did W2K3 assume the MIT realm could only do DES? >> Id the des-only bit on in the TGT account in AD? > > How does one check in AD? and change it if it is?
Check the userAccountControl attribute of the cross realm TGT look for USE_DES_KEY_ONLY = 2097152, i.e. 0x200000 http://support.microsoft.com/kb/305144 > >> DES is off by default in most Kerberos and W2008. > > That I knew, but don't know anything about the "des-only bit". > > cheers > mark > > -- Douglas E. Engert <[email protected]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
