It’s been ages since I stood up a Kerberos realm, but… would it be possible to allow RC4 only for specific users? Like encrypt win98server@example.com’s heavily locked down account with RC4, but everyone else gets AES-256?
It’s been ages since I stood up a Kerberos realm, but… would it be possible to allow RC4 only for specific users? Like encrypt win98server@example.com’s heavily locked down account with RC4, but everyone else gets AES-256?
Yes you can enable specific encryption types for users. It's not super common, but it can be done.