Cannot authenticate with client keytab and AES128/256 against Active Directory

2015-07-29 Thread Osipov, Michael
Hi, I have created a client keytab with ktutil: add_entry -password -p osipo...@comapny.net -k 1 -e aes256-cts-hmac-sha1-96 add_entry -password -p osipo...@comapny.net -k 1 -e aes128-cts-hmac-sha1-96 add_entry -password -p osipo...@comapny.net -k 1 -e arcfour-hmac then trying to obtain a TGT wit

Re: Cannot authenticate with client keytab and AES128/256 against Active Directory

2015-07-29 Thread Greg Hudson
On 07/29/2015 07:43 AM, Osipov, Michael wrote: > add_entry -password -p osipo...@comapny.net -k 1 -e aes256-cts-hmac-sha1-96 > add_entry -password -p osipo...@comapny.net -k 1 -e aes128-cts-hmac-sha1-96 > add_entry -password -p osipo...@comapny.net -k 1 -e arcfour-hmac [...] > kinit: Invalid argume

Re: Cannot authenticate with client keytab and AES128/256 against Active Directory

2015-07-29 Thread Todd Grayson
Have you enabled AES Encryption for the account in AD? http://blogs.msdn.com/b/openspecification/archive/2011/05/31/windows-configurations-for-kerberos-supported-encryption-type.aspx This can, I believe, be achieved as well with group policy, as well... On Wed, Jul 29, 2015 at 5:43 AM, Osipov, M

AW: Cannot authenticate with client keytab and AES128/256 against Active Directory

2015-07-29 Thread Osipov, Michael
> Have you enabled AES Encryption for the account in AD? > http://blogs.msdn.com/b/openspecification/archive/2011/05/31/windows-configurations-for-kerberos-supported-encryption-type.aspx Hi Todd, the flag is not set on my account though the registry key on my machine is set to 0x7fff. Thoug

Re: Cannot authenticate with client keytab and AES128/256 against Active Directory

2015-07-29 Thread Osipov, Michael
> On 07/29/2015 07:43 AM, Osipov, Michael wrote: > > add_entry -password -p osipo...@comapny.net -k 1 -e > > aes256-cts-hmac-sha1-96 add_entry -password -p osipo...@comapny.net -k > > 1 -e aes128-cts-hmac-sha1-96 add_entry -password -p > > osipo...@comapny.net -k 1 -e arcfour-hmac > [...] > > kinit

Compatibility between mixed kerberos release (KDC 1.12 client 1.10).

2015-07-29 Thread Todd Grayson
Hi, Is there any general wisdom out there about mixed KDC/Client versions? Are there concerns around allowing environments to drift to where a KDC would be on a later release than the clients? There seems to be a change in default behavior in the 1.12+ where renewable tickets must be specifically r

Re: Cannot authenticate with client keytab and AES128/256 against Active Directory

2015-07-29 Thread Osipov, Michael
> On 07/29/2015 07:43 AM, Osipov, Michael wrote: > > add_entry -password -p osipo...@comapny.net -k 1 -e > > aes256-cts-hmac-sha1-96 add_entry -password -p osipo...@comapny.net -k > > 1 -e aes128-cts-hmac-sha1-96 add_entry -password -p > > osipo...@comapny.net -k 1 -e arcfour-hmac > [...] > > kinit

Re: Compatibility between mixed kerberos release (KDC 1.12 client 1.10).

2015-07-29 Thread Ken Hornstein
>Is there any general wisdom out there about mixed KDC/Client versions? Are >there concerns around allowing environments to drift to where a KDC would be >on a later release than the clients? FWIW, we run a whole bunch of crazy versions of Kerberos, and generally there is not an interoperability pro

Re: Compatibility between mixed kerberos release (KDC 1.12 client 1.10).

2015-07-29 Thread Benjamin Kaduk
On Wed, 29 Jul 2015, Ken Hornstein wrote: > >Is there any general wisdom out there about mixed KDC/Client versions? Are > >there concerns around allowing environments to drift to where a KDC would be > >on a later release than the clients? > > FWIW, we run a whole bunch of crazy versions of Kerberos

Re: Compatibility between mixed kerberos release (KDC 1.12 client 1.10).

2015-07-29 Thread Todd Grayson
Actually the krbtgt got generated without a renewable life value (was at 0), missed this during the troubleshooting, so nothing other than the need to express renew lifetime properly in the configuration. Thanks tho for the feedback. On Wed, Jul 29, 2015 at 8:06 PM, Ken Hornstein wrote: > >Is t

Re: Compatibility between mixed kerberos release (KDC 1.12 client 1.10).

2015-07-29 Thread Todd Grayson
Interesting, I'll take a look, thanks! On Wed, Jul 29, 2015 at 8:12 PM, Benjamin Kaduk wrote: > On Wed, 29 Jul 2015, Ken Hornstein wrote: > > > >Is there any general wisdom out there about mixed KDC/Client versions? > Are > > >there concerns around allowing environments to drift to where a KDC woul