[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: i need help configuring encryption type in kdc

To: Sujeevan Rasaratnam <sujeevan.rasaratnam@alcatel.com>
Subject: Re: i need help configuring encryption type in kdc
From: joda@pdc.kth.se (Johan Danielsson)
Date: Tue, 28 Oct 2003 19:08:30 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: <3F9E90E7.8040704@alcatel.com> (Sujeevan Rasaratnam's messageof "Tue, 28 Oct 2003 10:53:11 -0500")
References: <3F9E90E7.8040704@alcatel.com>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/20.7 (berkeley-unix)

Sujeevan Rasaratnam <sujeevan.rasaratnam@alcatel.com> writes:

> I need to force it to use des-cbc-crc or des-cbc-md5 because
> kerberos support in jaas (java authentication and authorization
> service) only supports those encryption types.

Are you using it as client or server?

The client should send a list of etypes it supports, so let's hope
that works.

For the server case, you will have to remove the enctypes the server
doesn't handle (with kadmin del_enctype).

> [libdefaults]
>  default_tgs_enctypes=des-cbc-crc
>  default_tgt_enctypes=des-cbc-crc

These are MIT settings, which we should perhaps support (the last
should be default_tkt_enctypes).

Instead we have a "default_etypes" which roughly corresponds to
these. They only affect the client though (I believe this is the case
with default_*_enctypes too).

/Johan

Follow-Ups:
- Re: i need help configuring encryption type in kdc
  - From: Sujeevan Rasaratnam <sujeevan.rasaratnam@alcatel.com>

References:
- i need help configuring encryption type in kdc
  - From: Sujeevan Rasaratnam <sujeevan.rasaratnam@alcatel.com>

Prev by Date: i need help configuring encryption type in kdc
Next by Date: Re: i need help configuring encryption type in kdc
Prev by thread: i need help configuring encryption type in kdc
Next by thread: Re: i need help configuring encryption type in kdc
Index(es):
- Date
- Thread