Ticket enctype question

Ken Hornstein kenh at cmf.nrl.navy.mil
Thu Aug 31 13:38:08 EDT 2006

>We're in the process of enabling additional enctypes in a K5 realm that
>previously only had DES keys.  Our kdc.conf file now reads (in part):
>master_key_type    = des-cbc-crc
>supported_enctypes = des-cbc-crc:normal des3-cbc-sha1:normal aes256-cts:normal

There's a implied preference order to the keys listed in
supported_enctypes.  If you want AES to be used for tickets (when
possible, of course), you should list that first.

(For session keys, the list send by the client is used as the preference


More information about the Kerberos mailing list