We have requirements to only allow AES encryption. I'm trying to understand what is the default and where everything comes in to play, the user tickets are AES when obtained using kinit, but the system keytab shows des3 and arcfour in addition to AES.
So my questions are What is enabled/supported by default? How can des3 and arcfour encryption types be disabled for Kerberos? ? I've seen references to krbDefaultEncSaltTypes but cannot seem to find that in the directory anywhere. Are there any implications to doing this? Running RHEL 6.6 clients against 7.1 servers supporting local and trusted AD users. Thanks -andy *** This communication may contain privileged and/or confidential information. It is intended solely for the use of the addressee. If you are not the intended recipient, you are strictly prohibited from disclosing, copying, distributing or using any of this information. If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. *** -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project