Russ Allbery wrote: > Steve Devine <[EMAIL PROTECTED]> writes: > >> Does the order of the enctypes listed in the kdc affect this? > > In my experience, the enctype list should match exactly. It doesn't > matter what order you list the enctypes in; if you have enctypes on the > krbtgt key that aren't present in Windows, you may lose. So, in this > case: > >> This is my current kdc.conf entry: >> supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal >> des-cbc-crc:v4 des-cbc-crc:afs3 > > you need to explicitly specify -e des-cbc-crc:normal when creating the > krbtgt cross-realm keys. Otherwise you'll get a des3 key in your KDC and > since Windows doesn't support des3, you'll lose.
Windows 2003 SP1 and later supports RC4-HMAC cross-realm keys.
smime.p7s
Description: S/MIME Cryptographic Signature
