aes-sha2 in default etype list now?

Greg Hudson ghudson at
Wed Jun 21 13:13:38 EDT 2017

On 06/21/2017 11:11 AM, Weijun Wang wrote:
> But the doc at 
> shows:
> .. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 
> aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 
> camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 
> des-cbc-md4``

That's an oversight; I have filed a PR to update it.

> Are aes128-sha2 and aes256-sha2 default etypes?

They are permitted by default, though not in the default list of
key/salt types for generating new keys.

More information about the krbdev mailing list