In a default Java installation AES is not enabled; the user has to copy the unlimited cryptography extension jars (US_export_policy.jar and local_policy.jar) to enable it (which IMHO is an annoyance for most developers and users alike).

On Sun, Jan 15, 2012 at 4:53 AM, Aleksander Adamowski <[email protected]> wrote:
> On Sat, Jan 14, 2012 at 22:42, Kiran Ayyagari <[email protected]> wrote:
>> you can call kdcServer.setEncryptionTypes() (with an array or set of
>> EncryptionTypeS)
>> note that, this method should be called from a non-static method
>> (typically from the setup method or the one having @Before annotation)
>> calling it from static method might likely result in a null pointer
>> exception.
>>
>> Let me know if you have any issues
>
> Thanks, it works!
> How about making the default in KdcServer compatible with MIT
> library's defaults?
>
> I think it would be sufficient to change one constant
> org.apache.directory.server.kerberos.kdc.KdcServer#DEFAULT_ENCRYPTION_TYPES:
>
> diff --git
> a/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
> b/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
> index fa14a4c..0673014 100644
> ---
> a/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
> +++
> b/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
> @@ -85,7 +85,7 @@ public class KdcServer extends DirectoryBackedService
>
> /** The default encryption types */
> private static final String[] DEFAULT_ENCRYPTION_TYPES = new String[]
> - { "des-cbc-md5" };
> + { "aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96",
> "des3-cbc-sha1-kd", "des-cbc-md5" };
>
> /** The default for allowing empty addresses */
> private static final boolean DEFAULT_EMPTY_ADDRESSES_ALLOWED = true;
>
> What do you think about that?
>
> Just in case, attaching a patch (attachment no. 0001).
>
> BTW, I've also found a suboptimal fragment in
> org.apache.directory.server.kerberos.kdc.KdcServer#prepareEncryptionTypes
> - sending a patch (attachment no. 0002).
>
> --
> Best Regards,
> Aleksander Adamowski
> http://olo.org.pl

--
Kiran Ayyagari
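
Review bot: On the "+" line, "aes256-cts-hmac-sha1-96" becomes the first default, and nothing in this hunk handles a JRE that lacks the unlimited-strength policy jars mentioned in the reply at the top, so a stock installation may be unable to use the first default type. Either filter the defaults against what the runtime supports at the point where they are applied, or state the requirement in the "/** The default encryption types */" comment, along with whether the array order expresses preference. Single DES ("des-cbc-md5") also stays in the list; if it is kept only for compatibility with older clients, say so in the same comment so that it can be dropped later.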
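
A runtime check for the limitation mentioned in the reply at the top, added here as an example (not code from ApacheDS or from either poster): it asks the JCE policy for the maximum permitted key length and keeps only those encryption types from the proposed default list that this JVM may use. The class name, the etype-to-algorithm table and the key sizes in it are assumptions of this example.

```java
import javax.crypto.Cipher;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class UsableEtypes {
    // Kerberos etype name -> { JCE algorithm name, key bits the cipher needs }.
    // Table written for this example; it is not ApacheDS's own mapping.
    private static final Map<String, Object[]> REQUIREMENTS = new LinkedHashMap<>();
    static {
        REQUIREMENTS.put("aes256-cts-hmac-sha1-96", new Object[] { "AES", 256 });
        REQUIREMENTS.put("aes128-cts-hmac-sha1-96", new Object[] { "AES", 128 });
        REQUIREMENTS.put("des3-cbc-sha1-kd", new Object[] { "DESede", 168 });
        REQUIREMENTS.put("des-cbc-md5", new Object[] { "DES", 56 });
    }

    /** Returns the requested etypes this JVM's crypto policy permits, order preserved. */
    static List<String> usable(String[] requested) throws NoSuchAlgorithmException {
        List<String> ok = new ArrayList<>();
        for (String etype : requested) {
            Object[] req = REQUIREMENTS.get(etype);
            if (req == null) {
                continue; // unknown name: skip it rather than guess its requirements
            }
            // Integer.MAX_VALUE means the unlimited-strength policy is in effect.
            int allowedBits = Cipher.getMaxAllowedKeyLength((String) req[0]);
            if (allowedBits >= (Integer) req[1]) {
                ok.add(etype);
            }
        }
        return ok;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // The list proposed in the patch quoted above.
        String[] proposed = { "aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96",
                "des3-cbc-sha1-kd", "des-cbc-md5" };
        System.out.println("AES max key bits allowed: "
                + Cipher.getMaxAllowedKeyLength("AES"));
        System.out.println("Usable etypes: " + usable(proposed));
    }
}
```

The filtered list could then be handed to kdcServer.setEncryptionTypes() from a non-static setup method, as described in the quoted advice; the argument conversion that call needs is not shown here.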
