[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: i need help configuring encryption type in kdc

Sujeevan Rasaratnam <sujeevan.rasaratnam@alcatel.com> writes:

> I need to force it to use des-cbc-crc or des-cbc-md5 because
> kerberos support in jaas (java authentication and authorization
> service) only supports those encryption types.

Are you using it as client or server?

The client should send a list of etypes it supports, so let's hope
that works.

For the server case, you will have to remove the enctypes the server
doesn't handle (with kadmin del_enctype).

> [libdefaults]
>  default_tgs_enctypes=des-cbc-crc
>  default_tgt_enctypes=des-cbc-crc

These are MIT settings, which we should perhaps support (the last
should be default_tkt_enctypes).

Instead we have a "default_etypes" which roughly corresponds to
these. They only affect the client though (I believe this is the case
with default_*_enctypes too).