Encryption Types and Windows
Sam Hartman
hartmans at MIT.EDU
Sun May 25 17:45:21 EDT 2003
[I'm not sure if your email address is real. As a matter of policy I
do not respond to posts to kerberos at mit.edu that do not use working
email addresses, so if this bounces, you should not expect future
responses at least from me.
]
>>>>> "Jason" == Jason C Wells <fake at highperformance.net> writes:
Jason> On Windows 2000, are the supported encryption types part of
Jason> Windows itself, or part of the MIT KfW-2.1.1 package?
Both. Windows SSPI supports des and rc4. (By DES, I mean both
des-cbc-md5 and des-cbc-crc)
KFW supports DES and 3DES.
If you use ms2mit.exe, you are at some level limited to the
intersection of these two.
A KFW based on Kerberos 1.3 will support DES, 3DES, RC4 and AES, but
that code is not yet released.
Jason> Related to the above: Is it true that only DES-CBC-MD5 and
Jason> DES-CBC-CRC are supported under Windows 2000 for
Jason> authentication that occurs via the MIT KfW-2.1.1 package?
No, you can also use 3DES.
Jason Jason> What is the authoritative and current source of information
Jason> for the encryption types for MIT Kerberos? For MIT KfW?
The source code.
In particular look at src/lib/crypto/enctypes.c.
More information about the Kerberos
mailing list