[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why is the server using DES but not RC4?



On Thursday 28 June 2007 21:38, Markus Moeller wrote:
> The default with the newer ktpass is RC4, so there is no need to use the
> desonly nor crypto flag at all, only maybe if you need to switch behaviour.

Sure.
Florian Erfurth's problem was that he used the RC4 ktpass-configuration
as described in <http://www.grolmsnet.de/kerbtut/> but run into the
problem that his DC send DES servicetickets (instead of RC4).
I suppose that's because he reused the account from his
previous DES-experiments (that need the DESONLY setting).
If the default behaviour of ktpass disables DES in every case-
why does Florian run into that "KDC send DES problem"?
An additional -DESONLY option in the RC4 ktpass would ensure
that "DESONLY" is disabeled in *every case*.

Is my thinking incorrect?

Thank you,
Achim