Application compatible issue, AES256  is not been supported.


On 21/07/2014 7:15 pm, Martin Kosek <> wrote:
On 07/21/2014 03:38 PM, Eldo Joseph wrote:
> Is it possible to disable AES256 Encryption from IPA, while making Kerberos 
> principals...
> -Eldo-

I think you would need to hand update krbDefaultEncSaltTypes in
cn=YOUR-REALM,cn=kerberos,SUFFIX (via ldapmodify) to make this working.

Can you share what is the motivation for this change? I see requests to rather
add additional (older) encryption types, not removing the current ones.

Manage your subscription for the Freeipa-users mailing list:
Go To for more info on the project

Reply via email to