Thanks very much!
Your information was very much on target.
(I was embarrassed to see that I had set
a 256 key and asked for a 128 key.)
There is the possible error in your reply that
even changing the 'test' principal to
have both aes128 and aes256 keys was not sufficient
to make Apple's kinit w
On 02/12/2018 10:37 AM, John Tang Boyland wrote:
> What's going on? Does MIT kerberos not actually support AES256?
Check the keys for the krbtgt/ principal entry. The ticket will
always be encrypted in the first of those keys. I suspect that key is des3.
To explain your three different results
