Encryption type settings in kdc.conf and krb5.conf
Todd Grayson
tgrayson at cloudera.com
Mon Jul 27 10:51:10 EDT 2015
The question is; how much variation can be tolerated on the configuration
of encryption type settings within the krb5.conf / kdc.conf
Generally speaking I'm using this as the reference for proper values to set;
(krb5.conf)
http://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html
(kdc.conf)
http://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/kdc_conf.html
I constantly see "clipped" values being used and I wonder, is kerberos
using those, or is it just discarding and going to default behavior at that
point, and the settings are worthless.
Examples of this are:
aes-256 for aes256-cts-hmac-sha1-96
rc4-hmac for arcfour-hmac-md5
Are these actually being parsed properly, (the first value, obviously being
the questioned abbreviation...)
--
Todd Grayson
Customer Operations Engineering
More information about the Kerberos
mailing list