On Thu, May 18, 2006 at 04:12:00PM -0700, Henry B. Hotz wrote:
> On May 16, 2006, at 2:32 PM, [EMAIL PROTECTED] wrote:
> On Heimdal you would normally create the entry and then delete the
> unwanted encryption key types (if necessary). I think the mechanism
> is different for Sun or MIT servers: you specify the enc type you
> want as part of the add?

Correct.

> I wouldn't prohibit des3 across the board
> just because you have some Sun machines that haven't been upgraded to
> Solaris 10.

Me either. If you move your KDC to Solaris 10 you'll get the benefit of that kadmind heuristic and never (mostly) notice this problem.

(The heuristic, IIRC, is that the randkey operation assumes only 1DES is desired -- kadmin/ktadd on S10 always uses the randkey_3 operation, while on S8/9 it always uses randkey.)

Nico
