Displaying 4 results from an estimated 4 matches for "encode_as_rep_as_tgs_rep".
2017 Nov 09
3
Slow Kerberos Authentication
Hai,
You may need to add the the following in krb5.conf
[libdefaults]
allow_weak_crypto = true
; for Windows 2003
; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; for Windows 2008 with AES
default_tgs_enctypes = aes128-cts-hmac-sha1-96
2017 Nov 10
2
Slow Kerberos Authentication
...he other krb5.conf options work, but you might give it a try.
See man krb5.conf, where i took it from.
add /change in krb5.conf
[kdc]
tgt-use-strongest-session-key = BOOL
svc-use-strongest-session-key = BOOL
preauth-use-strongest-session-key= BOOL
use-strongest-server-key = BOOL
encode_as_rep_as_tgs_rep = BOOL
BOOL = true or false.
You might set the default windows encryption in krb5.conf as standard, but imo, that are changes which might give other problems.
And is not my best advice..
So best advice is .. upgrade to samba 4, and packages are available.
https://linux.oracle....
2017 Nov 10
0
Slow Kerberos Authentication
...I dont think the other krb5.conf options work, but you might give it a try.
See man krb5.conf, where i took it from.
add /change in krb5.conf
[kdc]
tgt-use-strongest-session-key = BOOL
svc-use-strongest-session-key = BOOL
preauth-use-strongest-session-key= BOOL
use-strongest-server-key = BOOL
encode_as_rep_as_tgs_rep = BOOL
BOOL = true or false.
You might set the default windows encryption in krb5.conf as standard, but imo, that are changes which might give other problems.
And is not my best advice..
So best advice is .. upgrade to samba 4, and packages are available.
https://linux.oracle.com/errata/E...
2017 Nov 11
0
Slow Kerberos Authentication
...ge in krb5.conf
>
> [kdc]
> tgt-use-strongest-session-key = BOOL
> svc-use-strongest-session-key = BOOL
> preauth-use-strongest-session-key= BOOL
> use-strongest-server-key = BOOL
> encode_as_rep_as_tgs_rep = BOOL
>
> BOOL = true or false.
>
> You might set the default windows encryption in krb5.conf
> as standard, but imo, that are changes which might give other problems.
> And is not my best advice..
>
> So best...