On Mon, Nov 5, 2012 at 9:22 AM, Alan Ge <[email protected]> wrote: .... > Has someone here run into this before? Or could someone shed some light on > this? Many thanks.
Most newer libraries disable des by default. That is considered a very good thing. DES can be broken in seconds. The best answer (and perhaps the only answer, depending on your local policy) is to upgrade to a stronger type such as AES (will require you to get a new principal keytab), but if you absolutely must use a DES principal, you may be able enable it in krb5.conf with the permitted_enctypes directive in the libdefaults section. Please upgrade to something stronger than DES. Gary
