[31409] in Kerberos


supported_enctypes question

daemon@ATHENA.MIT.EDU (John Harris)
Wed Aug 26 14:06:13 2009

Message-ID: <4A95796C.7090406@ucdavis.edu>
Date: Wed, 26 Aug 2009 11:05:32 -0700
From: John Harris <harris@ucdavis.edu>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Greetings,

I currently have an MIT KDC where I need to use the des-cbc-crc:normal 
encryption type on *one* service principal.  All the rest of my KDC's 
principals can be aes or rc4.  I'm confused as to what I need in my 
config and what will work.

If I just have aes256-cts:normal and rc4-hmac:normal listed in kdc.conf 
in the supported_enctypes field, I'm still able to create the 
des-cbc-crc:normal service principal I need.  In fact, I can kinit -S 
for it and obtain it.  My confusion lies in that I thought not having 
des-cbc-crc:normal in this configuration line meant the KDC wouldn't 
recognize or serve tickets for it.

It'd be great to not have to put this in the config line so that later 
principals only get the aes256 and rc4 types on them, but I'm not 
understanding why I'm successfully obtaining a principal with only the 
des encryption type without adding it to this line.

Any hints?

John Harris
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
