encryption in Kerberos
Encryption is used for both the ticket-granting-ticket and session tickets.
There are three components:
Each one may support a different set of encryption types, and the protocol needs to negotiate a mutually-supported enctype for things to work.
The way you avoid this problem is by limiting the encryption types stored in the KDCs DB for the server to what the server actually understands. The KDC can't issue tickets with encryption types it doesn't have on record. Everything is guaranteed to work.