Jeffrey Altman <[EMAIL PROTECTED]> writes:
> Russ Allbery wrote:
>> Steve Devine <[EMAIL PROTECTED]> writes:

>>> This is my current kdc.conf entry:
>>> supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
>>> des-cbc-crc:v4 des-cbc-crc:afs3

>> you need to explicitly specify -e des-cbc-crc:normal when creating the
>> krbtgt cross-realm keys.  Otherwise you'll get a des3 key in your KDC
>> and since Windows doesn't support des3, you'll lose.

> Windows 2003 SP1 and later supports RC4-HMAC cross-realm keys.

Yeah, I just didn't mention that because his kdc.conf doesn't.  Adding
rc4-hmac to your supported_enctypes is another alternative (although you
still need to use -e, in this case with rc4-hmac, to limit the enctypes of
the created key).

-- 
Russ Allbery ([EMAIL PROTECTED])             <http://www.eyrie.org/~eagle/>
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
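
The check described in the thread, as an added example that is not part of the original messages: it reads a supported_enctypes value, lists the enctypes a key created without -e would carry that Windows cannot use, and builds the addprinc -e commands. The realm names are placeholders, and the preference order and the two-way trust are assumptions of the example.

```python
# Added example: lint a kdc.conf supported_enctypes value for a Windows cross-realm trust.
# Realm names below are placeholders; WINDOWS_OK reflects only what the thread states.

# Enctypes usable for the cross-realm key according to the thread:
# single DES, and RC4-HMAC on Windows 2003 SP1 and later. des3 is not supported.
WINDOWS_OK = ("rc4-hmac", "des-cbc-crc")  # order = preference (assumption of this example)


def parse_supported_enctypes(value):
    """Split a supported_enctypes value into (enctype, salt) pairs."""
    pairs = []
    for token in value.split():
        enctype, _, salt = token.partition(":")
        pairs.append((enctype, salt or "normal"))
    return pairs


def windows_unusable(pairs):
    """Enctypes a key created without -e would carry that Windows cannot use."""
    seen = []
    for enctype, _salt in pairs:
        if enctype not in WINDOWS_OK and enctype not in seen:
            seen.append(enctype)
    return seen


def pick_e_argument(pairs):
    """Return the key/salt tuple to pass to addprinc -e, or None if none fits."""
    configured = {e for e, salt in pairs if salt == "normal"}
    for enctype in WINDOWS_OK:
        if enctype in configured:
            return enctype + ":normal"
    return None


def addprinc_commands(local_realm, remote_realm, e_arg):
    """kadmin commands for both directions of the trust (two-way is an assumption)."""
    return [
        f"addprinc -e {e_arg} krbtgt/{remote_realm}@{local_realm}",
        f"addprinc -e {e_arg} krbtgt/{local_realm}@{remote_realm}",
    ]


if __name__ == "__main__":
    # Value from the kdc.conf quoted in the thread, joined onto one line.
    conf = "des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3"
    pairs = parse_supported_enctypes(conf)
    print("not usable by Windows:", windows_unusable(pairs))
    for cmd in addprinc_commands("EXAMPLE.ORG", "AD.EXAMPLE.ORG", pick_e_argument(pairs)):
        print(cmd)
```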
