On ke, 16 joulu 2020, Jerry Träskelin via FreeIPA-users wrote:
Hi,
nice to see someone else struggling with the same problems. I'm still
having the issue even with hotfix. You can go around it by creating a
new registry entry
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kdc\PerformTicketSignature
and setting the value to 0
(
https://support.microsoft.com/en-us/help/4598347/managing-deployment-of-k...)
but I wouldn't recommend it as a long-term solution.
Yep. There is nothing we can do on MIT Kerberos side at all -- this is a
problem on Microsoft side and they need to fix their own implementation.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland