Adding supported enctypes to kdc
John Washington
jawashin at uiuc.edu
Fri Nov 16 16:15:21 EST 2007
I would definitely add aes128-cts-hmac-sha1-96 and aes256-cts-hmac-sha1-96,
as Microsoft is adding these to AD (and I prefer good encryption, not
really broken encryption)
as per:
http://blogs.technet.com/ad/archive/2007/11/02/server-2008-and-windows-vista-encryption-better-together.aspx
* Steve Devine <devine.steve at gmail.com> [2007-11-16 15:05]:
> Our current supported enctypes are:
> des3-hmac-sha1:normal, des-cbc-crc:normal, des-cbc-crc:v4, des-cbc-
> crc:afs3
>
> I want to add rc4-hmac
> So my question is will this disrupt anything? I have read that the
> order matters where I put it in the file.
> Do I need to rekey any principals with keepold? I don't intend to
> remove any enctypes just add them.
>
> Should I add anything else while I am at it? We are striving towards
> Microsoft Compatibility.
>
> Thanks
> Steve Devine
> MSU
More information about the Kerberos
mailing list