On 05/31/2012 03:17 PM, Simo Sorce wrote:
I think you may need to download "Java Cryptography Extension (JCE)
Unlimited Strength Jurisdiction Policy Files 7"
See here:

Apparently AES is not fully supported unless you have the JCE which is
not distributed by default due to restrictions on export as far as I can

Thank you for your reply Simo, I have actually been testing this both with and without the unlimited strength policy - the error message is the same in both cases, the only difference is that without the policy in place aes128 is selected instead of aes256.

If you prefer to restrict your self to rc4-hmac, see the ipa-getkeytab
man page on how to explicitly request a set of enctypes on a new keytab.
Please remember that running ipa-getkeytab will invalidate your previous

Also to clarify at this stage I am supplying a username and password in the client - I wanted to get that working first before switching it to a keytab.



Freeipa-users mailing list

Reply via email to