BTW. The MIT kdc is 1.2.x with no rc4 support. Markus "Markus Moeller" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > I do have a setup with two kdcs ( A windows and non-windows kdc ). I'd > like to > use the highest encryption type available. The krb5.conf on my client > looks like: > > [libdefaults] > default_realm = W2K3.COM > default_tkt_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc > default_tgs_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc > > [realms] > W2K3.COM = { > kdc = kdc.w2k3.com:88 > kpasswd_server = kdc.w2k3.com:464 > } > MIT.COM = { > kdc = kdc.mit.com:88 > kpasswd_server = kdc.mit.com:464 > } > [domain_realm] > .mit.com = MIT.COM > .w2k3.com = W2K3.COM > > > A kinit [EMAIL PROTECTED] gives the following error: > kinit(v5): KDC has no support for encryption type while getting initial > credentials > > It works the other way round e.g. > default_tkt_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc > default_tgs_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc > > > kinit [EMAIL PROTECTED] gives no error and I get a tgt. > > > I know that MS doesn't support 3DES, but I thought if I give a list it > will use > the next highest supported encryption type. Is this a buf in MS or does > the > standard allow this behaviour ? > > > Thanks > Markus > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos >
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos