krbdev Digest, Vol 33, Issue 6

Sam Hartman hartmans at MIT.EDU
Thu Sep 8 18:19:16 EDT 2005

>>>>> "Henry" == Henry B Hotz <hotz at> writes:

    Henry> On Sep 8, 2005, at 9:02 AM, krbdev-request at wrote:

    Will> And if the admin is trying to limit the skey enctypes for a
    Will> particular service on a particular system, are they supposed
    Will> to use the permitted_enctypes krb5.conf parameter?  If so,
    Will> doesn't this affect all services on that system?
    >> Yes.  We have not seen a customer need to limit enctypes on a
    >> per-service (instead of per-system) basis.
    >> Certainly any policy on what the service will accept needs to be
    >> validated at the service.

    Henry> Example:  Solaris 9 machine.

no, this is an example of services that support different enctypes,
not a policy.

The current code supports this.


More information about the krbdev mailing list