The question is; how much variation can be tolerated on the configuration of encryption type settings within the krb5.conf / kdc.conf
Generally speaking I'm using this as the reference for proper values to set; (krb5.conf) http://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html (kdc.conf) http://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/kdc_conf.html I constantly see "clipped" values being used and I wonder, is kerberos using those, or is it just discarding and going to default behavior at that point, and the settings are worthless. Examples of this are: aes-256 for aes256-cts-hmac-sha1-96 rc4-hmac for arcfour-hmac-md5 Are these actually being parsed properly, (the first value, obviously being the questioned abbreviation...) -- Todd Grayson Customer Operations Engineering ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos