Wed, Aug 26, 2009 at 3:21 PM, Tom Yu <[email protected]> wrote:
> Russ Allbery <[email protected]> writes:
>
>> Tom Yu <[email protected]> writes:
>>> John Harris <[email protected]> writes:
>>
>>>> If I just have aes256-cts:normal and rc4-hmac:normal listed in kdc.conf
>>>> in the supported_enctypes field, I'm still able to create the
>>>> des-cbc-crc:normal service principal I need. In fact, I can kinit -S
>>>> for it and obtain it. My confusion lies in that I thought not having
>>>> des-cbc-crc:normal in this configuration line meant the KDC wouldn't
>>>> recognize or serve tickets for it.
>>
>>>> It'd be great to not have to put this in the config line so that later
>>>> principals only get the aes256 and rc4 types on them, but I'm not
>>>> understanding why I'm successfully obtaining a principal with only the
>>>> des encryption type without adding it to this line.
>>
>>> The "supported_enctypes" configuration variable really means "default
>>> list of enctype-salttype pairs for which the kadmin subsystem will
>>> generate keys". The name is arguably misleading; if anyone has ideas
>>> about a better name, please suggest one.
>>
>> default_enctypes, maybe?
>
> Possibly... though we do already have "default_tkt_enctypes" and
> "default_tgs_enctypes", which mean something completely different.

default_ktadd_enctypes ?

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
