[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: i need help configuring encryption type in kdc
Johan Danielsson wrote:
>Sujeevan Rasaratnam <sujeevan.rasaratnam@alcatel.com> writes:
>
>
>
>>I need to force it to use des-cbc-crc or des-cbc-md5 because
>>kerberos support in jaas (java authentication and authorization
>>service) only supports those encryption types.
>>
>>
>
>Are you using it as client or server?
>
>The client should send a list of etypes it supports, so let's hope
>that works.
>
>For the server case, you will have to remove the enctypes the server
>doesn't handle (with kadmin del_enctype).
>
>
>
>>[libdefaults]
>> default_tgs_enctypes=des-cbc-crc
>> default_tgt_enctypes=des-cbc-crc
>>
>>
>
>These are MIT settings, which we should perhaps support (the last
>should be default_tkt_enctypes).
>
>Instead we have a "default_etypes" which roughly corresponds to
>these. They only affect the client though (I believe this is the case
>with default_*_enctypes too).
>
>/Johan
>
>
I was using it as a client and jaas was using the native cache. I found
the solution, thanks for the replay. All I had to do is to remove all
the ecryption type except the one I want for the principal
krbtgt/MY.REALM. in kadmin i did del_enctype krbtgt/MY.REALM des3-cbc-sha1
--
Sujeevan Rasaratnam
Alcatel Canada - R&I - Security group