Greetings, I currently have a MIT KDC where I need to use the des-cbc-crc:normal encryption type on *one* service principal. The rest of my KDC all principals can be aes or rc4. I'm confused as to what I need in my config and what will work.
If I just have aes256-cts:normal and rc4-hmac:normal listed in kdc.conf in the supported_enctypes field, I'm still able to create the des-cbc-crc:normal service principal I need. In fact, I can kinit -S for it and obtain it. My confusion lies in that I thought not having des-cbc-crc:normal in this configuration line meant the KDC wouldn't recognize or serve tickets for it. It'd be great to not have to put this in the config line so that later principals only get the aes256 and rc4 types on them, but I'm not understanding why I'm successfully obtaining a principal with only the des encryption type without adding it to this line. Any hints? John Harris ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos