Windows 2003 R2 as KDC for CUPS

[JM TETU]

Hello,

I try to use a windows 2003 R2 as KDC to authenticate the jobs. And it doesn't work!
The config was tested with a windows 2000 as KDC and it was working (but in the next weeks we'll have only windows 2003 :( )

On windows, the command ktpass create a krb5.keytab


klist -k -e
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 ipp/cupsserver.enst-bretagne.fr at ADDOMAIN.ENST-BRETAGNE.FR (ArcFour with HMAC/md5)

--> i tried other encryption scheme, but it wasn't  better.

kinit -k ipp/cupsserver.enst-bretagne.fr -->doesn't give error.
kvno ipp/cupsserver.enst-bretagne.fr --> good too

the keytab was tested successfully with the commands gss-server and gss-client (i update to kerberos MIT 1.6)

when i try to print, i have an error (unauthorized)
But i obtain a  TGS for the ipp:

klist -e
Ticket cache: FILE:/tmp/krb5cc_8005
Default principal: mylogin at ADDOMAIN.ENST-BRETAGNE.FR

Valid starting     Expires            Service principal
10/22/07 15:48:25  10/22/07 22:28:25  krbtgt/ADDOMAIN.ENST-BRETAGNE.FR at ADDOMAIN.ENST-BRETAGNE.FR
        Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
10/22/07 15:49:48  10/22/07 22:28:25  ipp/cupsserver.enst-bretagne.fr at ADDOMAIN.ENST-BRETAGNE.FR
        Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5


And, in var/log/cups/error_log:

D [22/Oct/2007:15:03:12 +0200] get_gss_creds: Attempting to acquire credentials for ipp at pc-disi-051.enst-bretagne.fr...
D [22/Oct/2007:15:03:12 +0200] get_gss_creds: Credentials acquired successfully for ipp at pc-disi-051.enst-bretagne.fr.
D [22/Oct/2007:15:03:12 +0200] cupsdAuthorize: Error accepting GSSAPI security context: Invalid token was supplied, Token header is malformed or corrupt
--------------------------------------------------------------------------------------------

I hope i do an error somewhere.
Somebody see  where?