>>>>> "Jeffrey" == Jeffrey Hutzelman <[EMAIL PROTECTED]> writes:
Jeffrey> You should not depend on the "ordering" you're seeing
Jeffrey> here; logically, it's an unordered set. If you have
Jeffrey> Windows users, they will need to not have AFS-salted
Jeffrey> keys.
Last time I checked the keys in the kdb are very much an ordered set,
or at least there is a distinguished key used for requests without
preauthentication and a distinguished key used by the KDC for a
principal as a server and our implementation selects these
distinguished keys based on order.
You have several options for fixing the problem:
* Set the preauth_required attribute and make sure you have a 1.3.x KDC.
* Order the keys so the afs3 keys and v4 salted keys come last.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
