Hi! While working on my experimental KrbLDAP implementation (see the thread on MIT krbdev list: http://mailman.mit.edu/pipermail/krbdev/2012-January/010641.html), I've discovered that KdcServer by default supports a very limited set of encryption types consisting only of des-cbc-md5.
MIT's libkrb5, on the other hand, by default requires one of 4 enctypes, which doesn't include the ApacheDS's default: aes256-cts-hmac-sha1-96 (18), aes128-cts-hmac-sha1-96 (17), des3-cbc-sha1-kd (16), rc4-hmac (23) Is this choice made on purpose? In my experimental integration test, I'm creating the KdcServer using the @CreateKdcServer annotation: https://github.com/aadamowski/apacheds-krbldap-test/blob/master/src/test/java/pl/org/olo/krbldap/apacheds/test/KrbLdapIntegrationTest.java What's the best way to configure it to handle enctypes compatible with MIT libkrb5? -- Best Regards, Aleksander Adamowski http://olo.org.pl
