UNIX GSS-API / Windows SSPI :
Jacques Lebastard
jacques.lebastard at evidian.com
Tue Sep 14 12:49:02 EDT 2004
Hi there,
our client/server application uses either SSPI (Windows) or GSS-API
(UNIX) in order to establish a secure context.
In order to make it work properly, I had to set specific encryption
types in the krb5.conf file of the UNIX server:
[libdefaults]
default_tkt_enctypes = des-cbc-md5
default_tgs_enctypes = des-cbc-md5
Does that mean that the established session keys are DES 64 bits *ONLY*
? It sounds like a weak encryption...
Are any other encryption types compatible between MIT and Windows
2000/2003 (native) Kerberos implementations ?
--
Mr. Jacques LEBASTARD mailto:jacques.lebastard at evidian.com
EVIDIAN S.A. www.evidian.com
Rue Jean Jaurès Tel: +33 1 30 80 77 86
F-78340 LES CLAYES SOUS BOIS Fax: +33 1 30 80 77 99
More information about the Kerberos
mailing list