[draft] End of Support For Kerberos 4
Mike Friedman
mikef at ack.Berkeley.EDU
Fri Aug 20 17:40:53 EDT 2004
On Fri, 20 Aug 2004 at 16:19 (-0400), Sam Hartman wrote:
> We recommend any sites that have not already done so begin a migration
> to Kerberos 5. Kerberos 5 provides support for strong encryption,
> extensibility, much better cross-vendor interoperability and ongoing
> development and enhancement.
I've been running K5 for some time; my KDC is currently at 1.2.7. But
I've never used 3DES keys because support for them was weak and
inconsistent back when I first went to 1.2.x (older clients wouldn't work,
for one thing).
Now I'd like to look seriously at making 3DES my default, including
service keys and the master db key. Our most prevalent client software is
at the 1.2.2 level and I don't think I'm going to worry about anything
before 1.2.
Is there some documentation on *all* the necessary steps to convert to
using 3DES as a default? If not, can somone post that information?
Thanks.
Mike
------------------------------------------------------------------------------
Mike Friedman System and Network Security
mikef at ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
------------------------------------------------------------------------------
More information about the krbdev
mailing list