SAP Note 2115486 says this:
Windows 7 and Windows 2008 R2Windows 7 and Windows 2008 R2 create new challenges for Kerberos interoperability, since they have single-DES enctypes disabled by default because of algorithm strength concerns.
gsskrb5.dll does not know nor care which Kerberos enctypes are used and can be used with all of them.
Which Kerberos enctypes are used is entirely a local matter of Microsoft Kerberos and they are negotiated between all three communication peers participating the Kerberos protocol exchanges: The Microsoft Kerberos SSP client, the Microsoft Kerberos Key Distribution Center (KDC) which is part of Microsoft's Active Directory, and the Microsoft Kerberos SSP server. I am not aware of a possibility to query or influence Kerberos enctype negotiation through Microsoft SSPI functions.
Therefore you will have to refer to documentation and support from Microsoft to obtain the information of enctypes available for negotiation, and Policy settings, OS versions, and user account attributes throughout Microsoft Windows that can affect the Kerberos enctype negotiation.
Add comment