Use of Encryption for KRB_AP_REQ

Sam Hartman hartmans at MIT.EDU
Sat Sep 11 12:38:27 EDT 2004

>>>>> "Ahluwalia," == Ahluwalia, Ish <iahluwalia at> writes:

    Ahluwalia,> Hi All: I'm new to kerberos world, so appologies in
    Ahluwalia,> advance if it's too basic of a question.  Does MIT
    Ahluwalia,> kerberos support des3-cbc-md5 encryption type?  I have
    Ahluwalia,> a requirement which requires me to have the
    Ahluwalia,> Authenticator field of the AP_REQ to be encrypted
    Ahluwalia,> using 3des-cbc-md5 encryption algorithm.  Looking at
    Ahluwalia,> krb5.h file and the IETF specification, it doesn't
    Ahluwalia,> look like this algorithm is supported.  Any help will
    Ahluwalia,> be greatly appreciated?  Is there a way to get around
    Ahluwalia,> this problem and still use MIT kerberos V5.

No, MIT Kerberos does not support this algorithm.  It was a
nonstandard hack that we supported for one release inside a #ifdef 0
block.  It has not received significant security review and will not
be standardized.

Sam Hartman
MIT Information Services and Technology

More information about the Kerberos mailing list