Thanks very much!
Your information was very much on target.
(I was embarrassed to see that I had set
a 256 key and asked for a 128 key.)
There is the possible error in your reply that
even changing the 'test' principal to
have both aes128 and aes256 keys was not sufficient
to make Apple's kinit

On 02/12/2018 10:37 AM, John Tang Boyland wrote:
> What's going on? Does MIT kerberos not actually support AES256?

Check the keys for the krbtgt/ principal entry. The ticket will
always be encrypted in the first of those keys. I suspect that key is des3.
To explain your three different