[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AES keys?

To: Heimdal <heimdal-discuss@sics.se>
Subject: AES keys?
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Tue, 23 Mar 2004 16:26:12 -0800
In-Reply-To: <xofllly62l7.fsf@blubb.pdc.kth.se>
References: <1079102606.9672.18.camel@columbus> <40520C71.8040601@gmx.de><p05210602bc7dca2a7c8d@[192.168.0.134]><xof8yhz7k9j.fsf@blubb.pdc.kth.se><p05210607bc7e64cd4410@[192.168.0.134]> <xofllly62l7.fsf@blubb.pdc.kth.se>
Sender: owner-heimdal-discuss@sics.se

What should I put in the [kadmin] default_keys line to get AES keys generated?

I'm guessing it's something like:
	default_keys = v4 . . . aes256_cts_hmac_sha1:pw-salt

Also any comments on interoperability with implementations like 
Solaris 8 and Microsoft that don't support aes?  There are situations 
where I want to support full compatibility and use des-cbc-crc, and 
there are others where I need better security than that and must use 
aes256.  A given user may need to operate with both kinds of servers.
-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Follow-Ups:
- Re: AES keys?
  - From: Love <lha@stacken.kth.se>

References:
- Enabling GSSAPI support in Cyrus-SASL
  - From: Robert Fitzpatrick <robert@webtent.com>
- Re: Enabling GSSAPI support in Cyrus-SASL
  - From: Harry Rüter <harry_rueter@gmx.de>
- Password expiration
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: Password expiration
  - From: joda@pdc.kth.se (Johan Danielsson)
- Re: Password expiration (+ Doc patch)
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: Password expiration (+ Doc patch)
  - From: joda@pdc.kth.se (Johan Danielsson)

Prev by Date: Re: LDAP backend
Next by Date: Re: Proposal to export gssapi context
Prev by thread: Re: Password expiration (+ Doc patch)
Next by thread: Re: AES keys?
Index(es):
- Date
- Thread