default_tgs_enctypes confusion
Jason C. Wells
jcwells1 at highperformance.net
Thu May 29 22:03:43 EDT 2003
The man page for krb5.conf states that default_tgs_enctypes is a list of
session key encryption types that should be returned by the KDC. Also,
default_tkt_enctypes is a list of session key encryption types that should
be requested by the client.

So, if I omit an encryption type, then I am not requesting that encryption
type. Right?

When I completely delete des3-hmac-sha1 from my krb5.conf and get a new
TGT, I still get a des3-hmac-sha1 encryption type on my TGT.

How is this possible?

D:\>klist -e
Ticket cache: API:krb5cc
Default principal: ldsflkskdjf at STRADAMOTORSPORTS.COM

Valid starting     Expires            Service principal
05/29/03 18:49:34  05/30/03 04:49:34  krbtgt/STRADAMOTORSPORTS.COM at STRADAMOTORSPORTS.COM
        Etype (skey, tkt): DES cbc mode with CRC-32, Triple DES cbc mode with HMAC/sha1

TIA,
Jason C. Wells
(BTW, I did not realize this group was gatewayed to a mailing list. I can
understand why a person who uses the mailing list would be put off by a
fake email address. My apologies to any who got a bounced message from
me. I thought this was just a newsgroup. The address I am using now is
real.)