dbentry_supports_enctype and 1DES enctypes

Will Fiveash William.Fiveash at sun.com
Mon Aug 29 19:38:01 EDT 2005

On Mon, Aug 29, 2005 at 04:59:18PM -0500, Will Fiveash wrote:
> This would allow the admin to explicitly control the entypes used for
> session keys for that service principal by limiting the enctypes of the
> service princ's keys in the princ DB.

BTW, I realize that permitted_enctypes in the server's krb5.conf will
allow the server to prevent certain enctypes from being used as session
keys but this doesn't prevent the KDC from issueing 1DES session keys.

Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)

More information about the krbdev mailing list