[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why is the server using DES but not RC4?

Achim Grolms schrieb:
> On Thursday 28 June 2007 21:38, Markus Moeller wrote:
>> The default with the newer ktpass is RC4, so there is no need to use the
>> desonly nor crypto flag at all, only maybe if you need to switch behaviour.
> Sure.
> Florian Erfurth's problem was that he used the RC4 ktpass-configuration
> as described in <http://www.grolmsnet.de/kerbtut/> but run into the
> problem that his DC send DES servicetickets (instead of RC4).
> I suppose that's because he reused the account from his
> previous DES-experiments (that need the DESONLY setting).
Yes, that is true. I did test the same computeraccount with DES and 
reused this with RC4. I'll try to delete and recreate the 
computeraccount. Thank you very much! I'll post here, if it did help.
> If the default behaviour of ktpass disables DES in every case-
> why does Florian run into that "KDC send DES problem"?
> An additional -DESONLY option in the RC4 ktpass would ensure
> that "DESONLY" is disabeled in *every case*.
Ok, I'll try with -DESONLY if this doesn't help, then I'll delete and 
recreate the account.

> Is my thinking incorrect?
We'll see. ;)

cu Floh