Jacques Lebastard jacques.lebastard at evidian.com
Tue Sep 14 12:49:02 EDT 2004

Hi there,

our client/server application uses either SSPI (Windows) or GSS-API 
(UNIX) in order to establish a secure context.

In order to make it work properly, I had to set specific encryption 
types in the krb5.conf file of the UNIX server:

         default_tkt_enctypes = des-cbc-md5
         default_tgs_enctypes = des-cbc-md5

Does that mean that the established session keys are DES 64 bits *ONLY* 
? It sounds like a weak encryption...

Are any other encryption types compatible between MIT and Windows 
2000/2003 (native) Kerberos implementations ?

Mr. Jacques LEBASTARD            mailto:jacques.lebastard at evidian.com
EVIDIAN S.A.                     www.evidian.com
Rue Jean Jaurès                  Tel: +33 1 30 80 77 86
F-78340 LES CLAYES SOUS BOIS     Fax: +33 1 30 80 77 99

More information about the Kerberos mailing list