On Thursday, June 17, 2004 21:49:34 -0400 David Botsch <[EMAIL PROTECTED]> wrote:
Ok... however, since Windows can come up with the other string to key algorithm, why does authentication not work?
Because when it constructs an AS-REP, the KDC gets to choose which of the user's keys will be used, subject only to constraints the client provides about what enctypes it can handle. There's no way for the client to say "I can't handle the AFS string-to-key; don't use it", so the KDC is free to choose that key.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos