Garrison, Eric C wrote: > 07/08/09 14:53:56 07/09/09 00:53:44 afs/afstest.iu.edu@ADS.IU.EDU > renew until 07/09/09 14:53:40, Etype (skey, tkt): AES-256 CTS mode > with 96-bit > SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC > > So what else should I look for in the token being bad in another way? The answer is right above. AES-256 is not DES-CBC-CRC