supported_enctypes question
John Harris
harris at ucdavis.edu
Wed Aug 26 14:05:32 EDT 2009
Greetings,
I currently have a MIT KDC where I need to use the des-cbc-crc:normal
encryption type on *one* service principal. The rest of my KDC all
principals can be aes or rc4. I'm confused as to what I need in my
config and what will work.
If I just have aes256-cts:normal and rc4-hmac:normal listed in kdc.conf
in the supported_enctypes field, I'm still able to create the
des-cbc-crc:normal service principal I need. In fact, I can kinit -S
for it and obtain it. My confusion lies in that I thought not having
des-cbc-crc:normal in this configuration line meant the KDC wouldn't
recognize or serve tickets for it.
It'd be great to not have to put this in the config line so that later
principals only get the aes256 and rc4 types on them, but I'm not
understanding why I'm successfully obtaining a principal with only the
des encryption type without adding it to this line.
Any hints?
John Harris
More information about the Kerberos
mailing list