On 02/25/2012 09:40 AM, Simo Sorce wrote:
Why do we now have all these enctypes? Is it to satify forwarding/proxy
when you don't know a prori which enctype the foreign endpoint will require?

Because in kerberos each principal can have multiple keys, generally one
per supported (by the KDC) enctype. This is so that a client can use the
strongest enctype it has crypto support for.

Sure, that makes sense. But this is new behavior, what changed?

John Dennis <jden...@redhat.com>

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to