Thomas Beaudry <thomas.beau...@concordia.ca> writes:
> So i got it to work by switch the encryption type. In case anyone is
> wondering i used: addent -password -p ${user} -k 1 -e rc4-hmac
It's possible that the problem is related to password salting. (The RC4
enctype has no salt, but the AES ones do.) We've observed that the salt
for an Active Directory principal is related to the account name rather
than the principal name, e.g., HOSTNAME$ for a computer account. (An AD
account can have multiple Kerberos principal names.) Without the
correct salt, the client can't produce the correct password-derived key.
-Tom
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
