[37170] in Kerberos


Encryption type settings in kdc.conf and krb5.conf

daemon@ATHENA.MIT.EDU (Todd Grayson)
Mon Jul 27 10:51:34 2015

Date: Mon, 27 Jul 2015 08:51:10 -0600
Message-ID: <CALNT6MUD_w0Ax1kTywykCVPXovfkVenDa_XZQtf4hTATsYt+WQ@mail.gmail.com>
From: Todd Grayson <tgrayson@cloudera.com>
To: kerberos@mit.edu

The question is: how much variation can be tolerated in the configuration
of encryption type settings within the krb5.conf / kdc.conf?

Generally speaking, I'm using this as the reference for proper values to set:
(krb5.conf)
http://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html

(kdc.conf)
http://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/kdc_conf.html

I constantly see "clipped" values being used and I wonder, is Kerberos
using those, or is it just discarding and going to default behavior at that
point, and the settings are worthless?

Examples of this are:

aes-256 for aes256-cts-hmac-sha1-96
rc4-hmac for arcfour-hmac-md5

Are these actually being parsed properly (the first value, obviously, being
the questioned abbreviation...)?






-- 
Todd Grayson
Customer Operations Engineering
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
