we have setup DataPower as described in http://www.ibm.com/developerworks/websphere/library/techarticles/1207_mcmahon/1207_mcmahon.html, i.e. user authenticates with HTTP Basic Auth, and DataPower acts as a Kerberos client.
The KDC's answer to the AS_REQ leads to the DataPower error message:
get-apreq: Kerberos KDC did not support any of our ticket encryption types.
Looking into the AS_REQ message sent from DataPower, I don't see any etype (Encryption Type) (see attached file AS_REQ_no_etype.png)
I am no expert in the Kerberos protocol.
- Is the etype required in the AS_REQ, or could the KDC assume a default encryption type if none is specified in the request?
- Can / Does DataPower usually send the etype within AS_REQ?
- If so, where do the etype values come from? The keytab file?