Ken Hornstein <[EMAIL PROTECTED]> writes:

>> We're in the process of enabling additional enctypes in a K5 realm that
>> previously only had DES keys.  Our kdc.conf file now reads (in part):
>> 
>> master_key_type    = des-cbc-crc
>> supported_enctypes = des-cbc-crc:normal des3-cbc-sha1:normal aes256-cts:normal

> There's an implied preference order to the keys listed in
> supported_enctypes.  If you want AES to be used for tickets (when
> possible, of course), you should list that first.

> (For session keys, the list sent by the client is used as the preference
> order).

Thanks to both you and Jeff Altman (who sent me the same detail privately)
for the diagnosis.  I had tried changing the kdc.conf and restarting the
KDC, but the preference order is apparently encoded in the database at the
time the key is changed.  I'll change the key again after changing
kdc.conf to fix the preference order.

-- 
Russ Allbery ([EMAIL PROTECTED])             <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
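
An added example, not part of the original thread: a small Python check that reads the supported_enctypes line from kdc.conf text and reports where a weaker enctype is listed ahead of a stronger one, given the preference order described above. The strength ranking table, the function names and the EXAMPLE.ORG realm in the sample are assumptions made for this example.

```python
import re

# Strength ranking assumed for this example (higher = stronger); not from the thread.
STRENGTH = {
    "des-cbc-crc": 0, "des-cbc-md4": 0, "des-cbc-md5": 0,
    "arcfour-hmac": 1, "rc4-hmac": 1,
    "des3-cbc-sha1": 2, "des3-hmac-sha1": 2,
    "aes128-cts": 3, "aes128-cts-hmac-sha1-96": 3,
    "aes256-cts": 4, "aes256-cts-hmac-sha1-96": 4,
}

# Constructed sample; EXAMPLE.ORG is a placeholder realm name.
SAMPLE_KDC_CONF = """\
[realms]
    EXAMPLE.ORG = {
        master_key_type    = des-cbc-crc
        supported_enctypes = des-cbc-crc:normal des3-cbc-sha1:normal aes256-cts:normal
    }
"""

def parse_supported_enctypes(conf_text):
    """Return the key:salt entries of the first supported_enctypes line, in listed order."""
    m = re.search(r"^[ \t]*supported_enctypes[ \t]*=[ \t]*(.*)$", conf_text, re.MULTILINE)
    return [e for e in re.split(r"[,\s]+", m.group(1)) if e] if m else []

def audit_order(conf_text):
    """Flag every pair where a weaker enctype is listed ahead of a stronger one."""
    entries = parse_supported_enctypes(conf_text)
    rank = lambda e: STRENGTH.get(e.split(":", 1)[0].lower(), -1)
    inversions = [(a, b) for i, a in enumerate(entries)
                  for b in entries[i + 1:] if rank(a) < rank(b)]
    return {
        "listed": entries,
        "unknown": [e for e in entries if rank(e) < 0],
        "inversions": inversions,
        # Stable sort: strongest first, ties keep their listed order.
        "suggested": sorted(entries, key=lambda e: -rank(e)),
    }

if __name__ == "__main__":
    report = audit_order(SAMPLE_KDC_CONF)
    print("listed:   ", " ".join(report["listed"]))
    for weak, strong in report["inversions"]:
        print(f"  {weak} is listed before {strong}")
    print("suggested:", " ".join(report["suggested"]))
```

As the message above reports, reordering kdc.conf did not by itself change the order for existing keys; the key had to be changed again afterwards.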
