GSSAPI interoperability problem between Java 1.5 & MIT Kerberos

Jeffrey Hutzelman jhutz at
Mon Jan 9 19:11:20 EST 2006

On Monday, January 09, 2006 03:06:43 PM -0500 Ken Hornstein 
<kenh at> wrote:

> RFC 1964 says regarding DES-MAC: "Support for this algorithm may not be
> present in all implementations."  RFC 4121 has changed things around and
> is silent on the issue.  I believe that Java is wrong in using DES-MAC
> for integrity, but what do other people think?

I wonder if I should tell you to go to the KITTEN list... :-)
RFC4121 describes only the kcrypto-based messages used for "newer" 
enctypes; for "older" enctypes it defers to RFC1964.

> More importantly, is there
> a way to fix it?

... but this seems on-topic.  Too bad I don't have an answer. :-(

More information about the krbdev mailing list