On 02/25/2012 09:40 AM, Simo Sorce wrote:
Why do we now have all these enctypes? Is it to satify forwarding/proxy
when you don't know a prori which enctype the foreign endpoint will require?
Because in kerberos each principal can have multiple keys, generally one
per supported (by the KDC) enctype. This is so that a client can use the
strongest enctype it has crypto support for.
Sure, that makes sense. But this is new behavior, what changed?
--
John Dennis <jden...@redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users