On 02/25/2012 09:40 AM, Simo Sorce wrote:
Why do we now have all these enctypes? Is it to satify forwarding/proxy
when you don't know a prori which enctype the foreign endpoint will require?


Because in kerberos each principal can have multiple keys, generally one
per supported (by the KDC) enctype. This is so that a client can use the
strongest enctype it has crypto support for.

Sure, that makes sense. But this is new behavior, what changed?

--
John Dennis <jden...@redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to