GSSAPI interoperability problem between Java 1.5 & MIT Kerberos
jhutz at cmu.edu
Mon Jan 9 19:11:20 EST 2006
On Monday, January 09, 2006 03:06:43 PM -0500 Ken Hornstein
<kenh at cmf.nrl.navy.mil> wrote:
> RFC 1964 says regarding DES-MAC: "Support for this algorithm may not be
> present in all implementations." RFC 4121 has changed things around and
> is silent on the issue. I believe that Java is wrong in using DES-MAC
> for integrity, but what do other people think?
I wonder if I should tell you to go to the KITTEN list... :-)
RFC4121 describes only the kcrypto-based messages used for "newer"
enctypes; for "older" enctypes it defers to RFC1964.
> More importantly, is there
> a way to fix it?
... but this seems on-topic. Too bad I don't have an answer. :-(
More information about the krbdev