[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Why is the server using DES but not RC4?
OK I tested it quickly and my interpretation was wrong. Once desonly is set
with ktpass /desonly you can not reset it with ktpass. You have to use ADSI
Edit (or delete/recreate the account). I tested on 2003 SP2.
"Achim Grolms" <email@example.com> wrote in message
> On Thursday 28 June 2007 21:38, Markus Moeller wrote:
>> The default with the newer ktpass is RC4, so there is no need to use the
>> desonly nor crypto flag at all, only maybe if you need to switch
> Florian Erfurth's problem was that he used the RC4 ktpass-configuration
> as described in <http://www.grolmsnet.de/kerbtut/> but run into the
> problem that his DC send DES servicetickets (instead of RC4).
> I suppose that's because he reused the account from his
> previous DES-experiments (that need the DESONLY setting).
> If the default behaviour of ktpass disables DES in every case-
> why does Florian run into that "KDC send DES problem"?
> An additional -DESONLY option in the RC4 ktpass would ensure
> that "DESONLY" is disabeled in *every case*.
> Is my thinking incorrect?
> Thank you,