rousset wrote:
> Hello,
>
> I have established a trust relationship between Active Directory and MIT
> Kerberos realm, mapped principals, and can successfully log on to a Win2k
> workstation using a Kerberos principal. This is right with attribute
> "PRE-AUTH required" enabled and encryption des-cbc-crc, or md5.
> But I'd like to set rc4-hmac as default encryption on MIT principals.
> It fails with "Additional Pre-authentication required" log on MIT's
> side if pre-auth is enabled
> (Works if pre-auth disabled)

I have verified with Microsoft that the default configuration of Windows 2003 does not allow the use of RC4-HMAC with MIT KDC Trust relationships. There is functionality to support this mode of operation; unfortunately, there are no tools available to allow you to enable it.

I have obtained the necessary information to construct a tool to enable RC4-HMAC support for MIT KDC Trust relationships and will endeavor to build one in the next day or two for inclusion within the final release of KfW 2.6. At the very least this tool will allow you to specify an MIT Realm Name and allow the RC4-HMAC flag to be toggled on or off.

Jeffrey Altman
KfW Maintainer

________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos