Network Security: Detailed info on Re: gssapi-with-mic and a Windows AD KDC

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Secure-Shell

[Top] [All Lists]

Re: gssapi-with-mic and a Windows AD KDC

from [Ian Grant] Network Security

[Permanent Link]

Subject:	Re: gssapi-with-mic and a Windows AD KDC
Date:	Wed, 15 Mar 2006 12:12:53 +0000

On 14 Mar 2006, at 15:51, Sam Evans wrote:

On your KTPASS.EXE command line, add the following switch: -crypto
DES-CBC-MD5


That's what I had before, and it didn't work, so I mailed this list.
I was advised to try DES-CBC-CRC instead.


Hmm, like I said, I read somewhere that 2K3 didn't support CRC mode,
but it may have been wrong.


I think that was the problem. With a des-cbc-md5 host principal key and

        default_tkt_enctypes = des-cbc-md5
        default_tgs_enctypes = des-cbc-md5
        permitted_enctypes = des-cbc-md5

in the [libdefaults] section of /etc/krb5.conf sshd is happy. Thanks for your help.

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
gssapi-with-mic and a Windows AD KDC, Ian Grant Message not available Re: gssapi-with-mic and a Windows AD KDC, Ian Grant Re: gssapi-with-mic and a Windows AD KDC, Sam Evans Message not available Re: gssapi-with-mic and a Windows AD KDC, Sam Evans Re: gssapi-with-mic and a Windows AD KDC, Ian Grant <=

Previous by Date:	Re: OpenSSH and VPN, Josh Tolley
Next by Date:	Re: gssapi-with-mic and a Windows AD KDC, Sam Evans
Previous by Thread:	Re: gssapi-with-mic and a Windows AD KDC, Sam Evans
Next by Thread:	OpenSSH and VPN, Werner Schalk
Indexes:	[Date] [Thread] [Top] [All Lists]