[36703] in Kerberos
RE: Need info on Kerberos configuration with AES & SHA2
daemon@ATHENA.MIT.EDU (Prashanth Marampally)
Sat Jan 3 09:40:38 2015
From: Prashanth Marampally <PMarampally@agiliance.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Date: Sat, 3 Jan 2015 14:40:17 +0000
Message-ID: <E8B88F60B13F8A45B352646B20CF85BC7DF8113F@mbx029-w1-ca-10.exch029.domain.local>
In-Reply-To: <alpine.GSO.1.10.1501021541560.23489@multics.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Thank you so much Ben. I really appreciate your help.
-----Original Message-----
From: Benjamin Kaduk [mailto:kaduk@MIT.EDU]
Sent: Saturday, January 03, 2015 2:15 AM
To: Prashanth Marampally
Cc: kerberos@mit.edu
Subject: Re: Need info on Kerberos configuration with AES & SHA2
On Fri, 2 Jan 2015, Prashanth Marampally wrote:
> Hi,
>
> I am naive to kerberos.
>
> Would like to know whether or not can we configure kerberos 5 with AES
> & SHA2. If yes, please guide me with some articles, documentations etc.
Currently, you cannot.
There is a draft proposal for how such a combination could be done (https://tools.ietf.org/html/draft-ietf-kitten-aes-cts-hmac-sha2-05), but it is just a draft and has not yet been finalized as an IETF RFC. After that happens, someone would have to actually implement the proposal in a kerberos library.
-Ben Kaduk
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
