[37790] in Kerberos
Re: Option for multiple PA-ETYPE-INFO(2)-ENTRY (old behaviour)
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Nov 18 18:06:44 2016
To: Dameon Wagner <dameon.wagner@it.ox.ac.uk>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <12fc47f4-3eb5-3656-a476-b7f3d1af9153@mit.edu>
Date: Fri, 18 Nov 2016 18:06:29 -0500
MIME-Version: 1.0
In-Reply-To: <0802e7eb-ba55-24be-0f1a-716d40080c36@mit.edu>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I thought of another possible workaround that doesn't involve code
changes to 1.14, which is to do (in kadmin):
setstr krbtgt/REALM session_enctypes "aes256-cts aes128-cts"
I have opened http://krbdev.mit.edu/rt/Ticket/Display.html?id=8167 for
this issue, and we may introduce a KDC workaround in the future, along
the lines of the patch I suggested in the last message.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
