Updating encryption types
Phil Dibowitz
phil at usc.edu
Fri Jul 1 05:14:02 EDT 2005
So reading through:
http://web.mit.edu/kerberos/www/krb5-1.4/krb5-1.4.1/doc/krb5-install/Upgrading-to-Triple-DES-and-RC4-Encryption-Keys.html#Upgrading%20to%20Triple-DES%20and%20RC4%20Encryption%20Keys
(the upgrading encryption types page)... regarding this sentence "Because of
the way the MIT Kerberos database is structured, the KDC will assume that a
service supports only those encryption types for which keys are found in the
database."
That makes me think that even if kdc.conf has:
default_tgs_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc
and krb5.conf has:
default_tkt_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc
Any principals created before the switchover will obviously be stored in the
old encryption type - but during authentication, what encryption type will be
used between the client and the KDC?
I'm a bit confused as to what all will use the new encryption types and what
will use the old encryption types.
Thanks.
--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 180 - 213-821-5427
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20050701/2015321f/attachment.bin
More information about the Kerberos
mailing list