Antwort: Re: Encryption types [Virus checked]

Sam Hartman hartmans at MIT.EDU
Sun Apr 11 15:38:24 EDT 2004


>>>>> "denis" == denis havlik <denis.havlik at t-mobile.at> writes:

    >> Make sure that the service principals in the KDC do not contain
    >> any enctypes other than DES-CBC-CRC or DES-CBC-MD5.  Java
    >> cannot handle them.

    denis> Don't understand this. Aren't client programs supposed to
    denis> choose the encryption types they do understand out of the
    denis> types that are offered by KDC, and negotiate the strongest
    denis> encryption supported by both KDC and the client program?

Not quite.  Not quite.  The KDC chooses the strongest encryption type
from those offered by the client and those supported by the service
for which a ticket is being issued.

But that still leaves both of us confused about why using Java as a
client would influence the choice of enctypes for the server.



--Sam


More information about the Kerberos mailing list