GSSAPI interoperability problem between Java 1.5 & MIT Kerberos
Sam Hartman
hartmans at MIT.EDU
Fri Jan 13 09:21:56 EST 2006
>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
>> I do agree it is sub-optimal that the MIT implementation does
>> not support des-mac. I'm not at all sure it is worth fixing;
>> it would be years before we got the fix everywhere and it does
>> not seem that DES's lifetime is that long.
Ken> In addition, it doesn't seem to me that there's a way to
Ken> discover if the remote site supports des-mac, and the RFC
Ken> does indicate that not every implementation supports it.
Ken> Given that, if you want to hax maximum interoperability, it
Ken> seems to me that you should never use it.
I was proposing supporting for receive, not for transmit.
--Sam
More information about the krbdev
mailing list