I have set up silent SSO for Crystal Reports Server 2013 (essentially the same as BI 4.1) on Windows Server 2008 and it is working using the wedgetail parameter in the Java options in tomcat, and the following lines in the krb5.ini file:
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
The next step is to take the password out of the Java parameters and set up a keytab file, but the installation standard is to use AES 256 encryption.
My questions are:
1. Is it possible to use AES encryption? I know it was not supported in the past, and
2. If AES can be used, what are the substitutions needed in krb5.ini and the ktpass command? (The ktpass command has a -crypto parameter with a value of AES256-SHA1 that I assume would be the one I need).