On 07/29/2015 07:43 AM, Osipov, Michael wrote:
add_entry -password -p osipo...@comapny.net -k 1 -e aes256-cts-hmac-sha1-96
add_entry -password -p osipo...@comapny.net -k 1 -e aes128-cts-hmac-sha1-96
add_entry -password -p osipo...@comapny.net -k 1 -e arcfour-hmac
[...]
kinit: Invalid argument
On 07/29/2015 07:43 AM, Osipov, Michael wrote:
add_entry -password -p osipo...@comapny.net -k 1 -e
aes256-cts-hmac-sha1-96 add_entry -password -p osipo...@comapny.net -k
1 -e aes128-cts-hmac-sha1-96 add_entry -password -p
osipo...@comapny.net -k 1 -e arcfour-hmac
[...]
kinit: Invalid
Hi,
Is there any general wisdom out there about mixed KDC/Client versions? Are
there concerns around allowing environments drift to where a KDC would be
on a later release than the clients?
There seems to be a change in default behavior in the 1.12+ where renewable
tickets must be specifically
On 07/29/2015 07:43 AM, Osipov, Michael wrote:
add_entry -password -p osipo...@comapny.net -k 1 -e
aes256-cts-hmac-sha1-96 add_entry -password -p osipo...@comapny.net -k
1 -e aes128-cts-hmac-sha1-96 add_entry -password -p
osipo...@comapny.net -k 1 -e arcfour-hmac
[...]
kinit: Invalid
Have you enabled AES Encryption for the account in AD?
http://blogs.msdn.com/b/openspecification/archive/2011/05/31/windows-configurations-for-kerberos-supported-encryption-type.aspx
Hi Todd,
the flag is not set on my account though the registry key on my machine is set
to 0x7fff. Though
Have you enabled AES Encryption for the account in AD?
http://blogs.msdn.com/b/openspecification/archive/2011/05/31/windows-configurations-for-kerberos-supported-encryption-type.aspx
This can, I believe, be achieved as well with group policy, as well...
On Wed, Jul 29, 2015 at 5:43 AM, Osipov,
Is there any general wisdom out there about mixed KDC/Client versions? Are
there concerns around allowing environments drift to where a KDC would be
on a later release than the clients?
FWIW, we run a whole bunch of crazy versions of Kerberos, and generally
there is not an interoperability
Actually the krbtgt got generated without a renewable life value (was at
0), missed this during the troubleshooting, so nothing other than the need
to express renew lifetime properly in the configuration. Thanks tho for
the feedback.
On Wed, Jul 29, 2015 at 8:06 PM, Ken Hornstein
Interesting, I'll take a look, thanks!
On Wed, Jul 29, 2015 at 8:12 PM, Benjamin Kaduk ka...@mit.edu wrote:
On Wed, 29 Jul 2015, Ken Hornstein wrote:
Is there any general wisdom out there about mixed KDC/Client versions?
Are
there concerns around allowing environments drift to where a KDC
On Wed, 29 Jul 2015, Ken Hornstein wrote:
Is there any general wisdom out there about mixed KDC/Client versions? Are
there concerns around allowing environments drift to where a KDC would be
on a later release than the clients?
FWIW, we run a whole bunch of crazy versions of Kerberos, and
Hi,
I have created a client keytab with ktutil:
add_entry -password -p osipo...@comapny.net -k 1 -e aes256-cts-hmac-sha1-96
add_entry -password -p osipo...@comapny.net -k 1 -e aes128-cts-hmac-sha1-96
add_entry -password -p osipo...@comapny.net -k 1 -e arcfour-hmac
then trying to obtain a TGT
11 matches
Mail list logo