I would definitely add aes128-cts-hmac-sha1-96 and aes256-cts-hmac-sha1-96, as Microsoft is adding these to AD (and I prefer good encryption, not really broken encryption)
as per: http://blogs.technet.com/ad/archive/2007/11/02/server-2008-and-windows-vista-encryption-better-together.aspx * Steve Devine <[EMAIL PROTECTED]> [2007-11-16 15:05]: > Our current supported enctypes are: > des3-hmac-sha1:normal, des-cbc-crc:normal, des-cbc-crc:v4, des-cbc- > crc:afs3 > > I want to add rc4-hmac > So my question is will this disrupt anything? I have read that the > order matters where I put it in the file. > Do I need to rekey any principals with keepold? I don't intend to > remove any enctypes just add them. > > Should I add anything else while I am at it? We are striving towards > Microsoft Compatibility. > > Thanks > Steve Devine > MSU ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
