> If Allow_weak_crypto = true is making things work better with Windows,
something is broken somewhere else to cause this.
Without this parameter in krb5.conf the auth against the ADS to access services like http goes wrong and asks fora login/pass instead of using the kerberos tickets, claiming unsupported enctype.
> I think we have fairly high confidence in that code.
I'm sure too we can have confidence in the MIT code, no problem with that.
It just goes wrong using the last ubuntu version of krb5 when trying to authenticate and browse a samba share that was perfectly browsable with the krb5 version used in 9.04.
> If Allow_weak_crypto = true is making things work better with Windows,
something is broken somewhere else to cause this.
Without this parameter in krb5.conf the auth against the ADS to access services like http goes wrong and asks fora login/pass instead of using the kerberos tickets, claiming unsupported enctype.
> I think we have fairly high confidence in that code.
I'm sure too we can have confidence in the MIT code, no problem with that.
It just goes wrong using the last ubuntu version of krb5 when trying to authenticate and browse a samba share that was perfectly browsable with the krb5 version used in 9.04.