[32185] in Kerberos
Re: Win 2008R2 kdc and linux client: no support for encryption type
daemon@ATHENA.MIT.EDU (Lars Schimmer)
Thu Mar 25 04:23:00 2010
To: undisclosed-recipients:;undisclosed-recipients:;@MIT.EDU
Message-ID: <4BAB1D5B.6070802@cgv.tugraz.at>
Date: Thu, 25 Mar 2010 09:22:51 +0100
From: Lars Schimmer <l.schimmer@cgv.tugraz.at>
MIME-Version: 1.0
CC: kerberos@mit.edu
In-Reply-To: <78c6bd861003221452lb0a591en76b704daadc7d1f1@mail.gmail.com>
X-SA-Exim-Mail-From: l.schimmer@cgv.tugraz.at
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael B Allen wrote:
> On Mon, Mar 22, 2010 at 12:01 PM, Lars Schimmer
> <l.schimmer@cgv.tugraz.at> wrote:
>> Hi!
>>
>> Just want to note here, that problem was solved with a (not yet public)
>> patch from Microsoft.
>> http://support.microsoft.com/?kbid=978055
>>
>> Go and ask your Microsoft Support for it.
>>
>> Looks like it only happens on x64 servers.
>
> Hi Lars,
>
> Actually I would not be surprised if that "hot fix" is never made
> public. DES is being phased out. If you have any Windows accounts that
> use DES, you should update them to AES-256, AES-128 or RC4 in that
> order of preference.
As others already posted, I need DES enctypes for OpenAFS.
OpenAFS is already on the way to be able to use newer/better/safer
enctypes, but it cannot change overnight.
Thanks to Jeffrey Altman for the notice about patch being published by MS.
And as addendum: patch is needed if you run a Win2003 Server and a
Win2008R2 x64 server and you need DES enctypes.
> Mike
>
MfG,
Lars Schimmer
- --
- -------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405 E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkurHVsACgkQmWhuE0qbFyOTawCfW90WG8IEOZyF0FyEhoJBN3xw
+6QAni2wmC3kWM7A3ldNCjCHflTr4pjL
=EzWk
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
