supported enctypes: what is the net effect of removing 3des?
Dan Mahoney (Gushi)
danm at prime.gushi.org
Sun Oct 3 05:34:32 EDT 2021
Hey there. My org is moving off 3des.
My reading of "supported_enctypes" is simply that it will stop kadmin/the
KDC from generating NEW keys of an older type, correct? That if I do a
cpw without -keepold, those keys will be removed -- but otherwise, the KDC
will not act as though a user with 3des-only keys doesn't exist.
Changing it should not break any authentication or tickets? Or will the
kdc then refuse to issue TGT's that use that type at all? (It seems like
that would be affected by the similarly named permitted_enctypes, tho).
-Dan
--
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
FB: fb.com/DanielMahoneyIV
LI: linkedin.com/in/gushi
Site: http://www.gushi.org
---------------------------
More information about the Kerberos
mailing list