Antwort: Re: Encryption types [Virus checked]
Sam Hartman
hartmans at MIT.EDU
Sun Apr 11 15:38:24 EDT 2004
>>>>> "denis" == denis havlik <denis.havlik at t-mobile.at> writes:
>> Make sure that the service principals in the KDC do not contain
>> any enctypes other than DES-CBC-CRC or DES-CBC-MD5. Java
>> cannot handle them.
denis> Don't understand this. Aren't client programs supposed to
denis> choose the encryption types they do understand out of the
denis> types that are offered by KDC, and negotiate the strongest
denis> encryption supported by both KDC and the client program?
Not quite. Not quite. The KDC chooses the strongest encryption type
from those offered by the client and those supported by the service
for which a ticket is being issued.
But that still leaves both of us confused about why using Java as a
client would influence the choice of enctypes for the server.
--Sam
More information about the Kerberos
mailing list