On 14 Mar 2006, at 03:15, Cribb, Jay [GovSG] wrote:
Use des-cbc-crc for ticket and keytab export (it's the type that's
usually the least common denominator)
Is this Windows 2000 or Windows 2003?
Thanks. It's 2003. I seem not to be able to get the enctype to be des-
cbc-crc for the ticket. In /etc/krb5.conf I have
[libdefaults]
default_realm = AD.CL.CAM.AC.UK
clockskew = 300
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
permitted_enctypes = des-cbc-crc
The host keytab looks like this:
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
----
------------------------------------------------------------------------
--
9 host/[EMAIL PROTECTED] (DES cbc mode with
CRC-32)
But my ticket for the host principal still ends up des-cbc-md5:
Ticket cache: FILE:/tmp/krb5cc_1696
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
03/14/06 10:50:28 03/14/06 20:50:32 krbtgt/
[EMAIL PROTECTED]
renew until 03/15/06 10:50:28, Etype (skey, tkt): DES cbc
mode with CRC
32, ArcFour with HMAC/md5
03/14/06 10:50:47 03/14/06 20:50:32 host/
[EMAIL PROTECTED]
renew until 03/15/06 10:50:28, Etype (skey, tkt): DES cbc
mode with CRC
32, DES cbc mode with RSA-MD5
