We have requirements to only allow AES encryption.  I'm trying to understand 
what is the default and where everything  comes in to play, the user tickets 
are AES when obtained using kinit, but the system keytab shows des3 and arcfour 
in addition to AES.

So my questions are

What is enabled/supported by default?

How can des3 and arcfour encryption types be disabled for Kerberos?  ?  I've 
seen references to krbDefaultEncSaltTypes but cannot seem to find that in the 
directory anywhere.

Are there any implications to doing this?

Running RHEL 6.6 clients against 7.1 servers supporting local and trusted AD 



*** This communication may contain privileged and/or confidential information. 
It is intended solely for the use of the addressee. If you are not the intended 
recipient, you are strictly prohibited from disclosing, copying, distributing 
or using any of this information. If you received this communication in error, 
please contact the sender immediately and destroy the material in its entirety, 
whether electronic or hard copy. ***

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to