Sleepy wrote: > Hello all, > > I have some questions that I would appreciate getting some expert > Kerberos assistance with. > > 1) Is SQL Server limited to DES encryption only? > > The reason I ask is that I have discovered empirically that the > SQL Server service startup account needs to set the Active Directory > property "Use DES encryption types for this account". A possible > explanation was found as follows: "This flag [Use DES encryption > types for this account] is only required for service accounts which > can only handle DES. When a client makes a request for a service > ticket for such service, using TGS-Exchange, the Win2K KDC generates a > DES service ticket if this flag is set." If this information is true, > it would appear that SQL Server can only handle DES encryption.
I don't know about MS SQL but the Java GSS-API only supports DES encryption. > 2) Why would I not receive an SSPI token back from SQL Server even > if I successfully connect to SQL Server using Active > Directory/Kerberos authentication? > > I have an application that requests mutual authentication using > the Java GSS-API and no SSPI token is ever returned. We expect our > application to receive an SSPI token back from SQL Server to complete > the authentication process. This expectation is based on the API and > the fact that the TDS specification implies this will occur. The Java client will receive a ticket for use in authenticating to the MS SQL service account. This will be placed in the Java application's credential cache which is stored in a file. This will be obtained prior to the completion of the mutual authentication. What are you using to examine the exchange? > Any assistance that can be provided would be very helpful. Thanks! > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos