>>>>> "Jeffrey" == Jeffrey Hutzelman <[EMAIL PROTECTED]> writes:
Jeffrey> You should not depend on the "ordering" you're seeing Jeffrey> here; logically, it's an unordered set. If you have Jeffrey> Windows users, they will need to not have AFS-salted Jeffrey> keys. Last time I checked the keys in the kdb are very much an ordered set, or at least there is a distinguished key used for requests without preauthentication and a distinguished key used by the KDC for a principal as a server and our implementation selects these distinguished keys based on order. You have several options for fixing the problem: * Set the preauth_required attribute and make sure you have a 1.3.x KDC. * Order the keys so the afs3 keys and v4 salted keys come last. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos