[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Default Principals AES Keys

John Harris <harris@ucdavis.edu> writes:

> Greetings,
> I am having a nightmare of a time trying to get AES encryption to work for
> a normal TGT.  I can successfully make the master database stash key with:
> kstash -e aes128-cts-hmac-sha1-96
> I then use kadmin -l to init a REALM.  The default principal is made
> with the keys I specify in the config file, as are principals I make.
> However, I cannot seem to figure out how to get krbtgt/REALM to use AES.
> It only wants to make des and 3des types.
> Any ideas????

your [kamin]default_keys staza is wrong.

It should be

	default_keys = aes256-cts-hmac-sha1-96:pw-salt
	default_keys = aes128-cts-hmac-sha1-96:pw-salt
        default_keys = des3-cbc-sha1:pw-salt
        default_keys = des-cbc-md5:pw-salt

You are missing the salting.


PGP signature