Matt wrote: > So, to sum up, if I am failing to accept service tickets that I am > recieving as described above with error 31 BAD_INTEGRITY, do you think > I should add a "permitted_enctypes" entry with the relevant ciphers(The > Windows KDC appears to be using RC4-HMAC or DES-CBC-MD5, depending on > configuration), or am I barking up the completely wrong tree?
You do not want to restrict the enctypes that can be used. You need to make sure that you have key tab entries for all combinations of service name, kvno, and enctype that are being received by the service. A Bad Integrity error is most likely the result of having the wrong key in the keytab entry. Jeffrey Altman -- ----------------- This e-mail account is not read on a regular basis. Please send private responses to jaltman at mit dot edu ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos