>We're in the process of enabling additional enctypes in a K5 realm that >previously only had DES keys. Our kdc.conf file now reads (in part): > >master_key_type = des-cbc-crc >supported_enctypes = des-cbc-crc:normal des3-cbc-sha1:normal aes256-cts:normal
There's a implied preference order to the keys listed in supported_enctypes. If you want AES to be used for tickets (when possible, of course), you should list that first. (For session keys, the list send by the client is used as the preference order). --Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
