So reading through: http://web.mit.edu/kerberos/www/krb5-1.4/krb5-1.4.1/doc/krb5-install/Upgrading-to-Triple-DES-and-RC4-Encryption-Keys.html#Upgrading%20to%20Triple-DES%20and%20RC4%20Encryption%20Keys
(the upgrading encryption types page)... regarding this sentence "Because of
the way the MIT Kerberos database is structured, the KDC will assume that a
service supports only those encryption types for which keys are found in the
database."
That makes me think that even if kdc.conf has:
default_tgs_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc
and krb5.conf has:
default_tkt_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc
Any principals created before the switchover will obviously be stored in the
old encryption type - but during authentication, what encryption type will be
used between the client and the KDC?
I'm a bit confused as to what all will use the new encryption types and what
will use the old encryption types.
Thanks.
--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 180 - 213-821-5427
pgprK510OZwEQ.pgp
Description: PGP signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
