[33296] in Kerberos
Turning off "Use DES encryption types" on domain controller
daemon@ATHENA.MIT.EDU (Ali Akhavan)
Thu Mar 31 14:10:00 2011
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Thu, 31 Mar 2011 11:10:34 -0700
Message-ID: <DC1AD4867699CD42A05AA6312B999364054D1D52@hemlock.orbital.ad>
From: "Ali Akhavan" <alia@simba.com>
To: <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello everyone,
I have a Java GSS client that establishes a security context using
Kerberos with a C++ server. The server uses SSPI libraries from Windows
to accept the security token sent by the client. The service account
that I use for the server has the flag "Use DES encryption types for
this account" checked on the domain controller. And everything works as
expected.
Now the problem is that when I uncheck this option on DC, the server is
no longer able to accept the binary token that client sends to it. The
error returns from SSPI Kerberos AcceptSecurityContext function is
0x8009030e which indicates that credentials are not available on the
server. I can only think that the server is no longer able to decrypt
the token sent by the client, but don't know how to resolve it.
Any ideas ?
Thanks
Ali
Ali Akhavan | Computer Scientist | Simba Technologies Inc.
Email: alia@simba.com <mailto:toari@simba.com>
Tel +1.604.633.0008 ext. 239 | Fax +1.604.633.0004
938 West 8th Avenue | Vancouver, BC | Canada | V5Z 1E5
Your Competitive Advantage for Data Connectivity Solutions
www.simba.com <http://www.simba.com/>
This email message is for the sole use of the intended recipient(s) and
may contain confidential and privileged information. Any unauthorized
review, use, disclosure, or distribution is prohibited. If you are not
the intended recipient, please contact the sender by reply email and
destroy all copies of the original message. Thank you.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
