Review of concluding January 10 2009

Sam Hartman hartmans at MIT.EDU
Tue Jan 6 12:26:18 EST 2009

   RFC 4537 defines an encryption type negotiation extension to Kerberos. This option
      allows clients and servers to use a stronger or faster bulk encryption mechanism even if
         the KDC does not support it. The client indicates a set of supported encryption types in
            the ap-req. If the server chooses one of these encryption types then it proposes a
               subkey in the ap-rep with an encryption type different than that selected by the client.


More information about the krbdev mailing list