GSSAPI interoperability problem between Java 1.5 & MIT Kerberos

Sam Hartman hartmans at MIT.EDU
Fri Jan 13 09:21:56 EST 2006

>>>>> "Ken" == Ken Hornstein <kenh at> writes:

    >> I do agree it is sub-optimal that the MIT implementation does
    >> not support des-mac.  I'm not at all sure it is worth fixing;
    >> it would be years before we got the fix everywhere and it does
    >> not seem that DES's lifetime is that long.

    Ken> In addition, it doesn't seem to me that there's a way to
    Ken> discover if the remote site supports des-mac, and the RFC
    Ken> does indicate that not every implementation supports it.
    Ken> Given that, if you want to hax maximum interoperability, it
    Ken> seems to me that you should never use it.

I was proposing supporting for receive, not for transmit.


More information about the krbdev mailing list