> Is your server keyed with a DES key? Which server are you talking about? The kdc or the ssh server?
Maybe you can find the answer in the details below: This is what my ticket (on the lenny client) looks like: $ klist -e Ticket cache: FILE:/tmp/krb5cc_1000_FQS33c Default principal: [email protected] Valid starting Expires Service principal 11/25/10 17:11:23 11/26/10 03:11:23 krbtgt/[email protected] renew until 11/26/10 17:11:23, Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, Triple DES cbc mode with HMAC/sha1 Kerberos 4 ticket cache: /tmp/tkt1000 klist: You have no tickets cached $ In a network packet capture I can see that both des3-cbc-sha1 and some aes-256-something are in use at some point. The ssh server has four different keys, one them being des, and two being aes. The kdc runs mac osx 10 server with mit kerberos. If your question isn't answered by now, can you ask it more precisely? Helmut -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
