The default tkt and tgs enctypes need to be set to rc4-hmac. Windows Server 2008 supports encryption up to 256 aes however, not all Kerberos clients do, *including the CAS server Kerberos client. The encryption is forced down to rc4-hmac for compatibility with CAS*.
Not very familiar with that part of the codebase, but as I understand your observation, CAS only support the RC4 cipher and you would like support for other ciphers, including AES-256. Is that correct? If yes, please file a Jira improvement issue for it and post the link to the issue here to close the loop.
Thanks, M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
