The supported encryption types are tied to the Kerberos release, which is tied to the OS release level by our distribution vendors. It is extremely rare for customers to be compiling / building Kerberos on their own.

http://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html#libdefaults
*permitted_enctypes*

Note that permitted encryption types for the MIT libraries REQUIRES the proper encryption type name be used; abbreviated names are not supported. What's in that link is the form of the name that will be parsed. Invalid encryption types are ignored and the defaults are applied instead (all the types).

Encryption types that are newer in the MIT/AD space are limited by the support of the JDK, detailed by the JGSS listing:
http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/jgss-api-mechanism.html

Note arcfour-hmac-md5 is also supported (rc4-hmac).

The JDK cannot support the newer CAMELLIA encryption types in the RHEL 7.1

On Thu, Feb 25, 2016 at 8:39 AM, Simo Sorce <s...@redhat.com> wrote:

> Note that the Kitten WG is working on standardizing new enctypes for AES
> +HMAC-SHA2, this is the latest draft:
> https://tools.ietf.org/html/draft-ietf-kitten-aes-cts-hmac-sha2-09
>
> Although it will take a while before all the most common implementations
> will have support for it, and it may never land on older OSs.
>
> Simo.
>
> On Thu, 2016-02-25 at 14:22 +0000, Prashanth Marampally wrote:
> > Yep. Got it!
> >
> > Thanks,
> > Prashanth
> >
> > -----Original Message-----
> > From: Rick van Rein [mailto:r...@openfortress.nl]
> > Sent: Thursday, February 25, 2016 7:50 PM
> > To: Prashanth Marampally
> > Cc: kerberos@mit.edu
> > Subject: Re: Quick question related to Kerberos + AES256 + SHA2
> >
> > OK,
> >
> > Also note that the hash is not SHA1 but HMAC-SHA1, which is much
> > stronger. I didn't make that clear before.
> >
> > -Rick
> >
> > ________________________________________________
> > Kerberos mailing list Kerberos@mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
>
> --
> Simo Sorce * Red Hat, Inc * New York

--
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME
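
An added example, not part of the thread or of any Kerberos project: a check of a krb5.conf `permitted_enctypes` line against the two constraints described in the message above. The two name lists, the function names and the sample file are assumptions constructed for illustration; the JDK list is typed in by hand from the enctype names in the JGSS page linked above and is not queried from a JDK.

```python
import re

# Assumption: full-form names handled by the JDK 8 JGSS Kerberos mechanism,
# plus the two RC4 spellings named in the message. Not read from a JDK.
JDK8_ENCTYPES = {
    "des-cbc-crc", "des-cbc-md5", "des3-cbc-sha1",
    "aes128-cts-hmac-sha1-96", "aes256-cts-hmac-sha1-96",
    "arcfour-hmac-md5", "rc4-hmac",
}
# Full-form MIT names outside that list; the message singles out Camellia.
MIT_ONLY_ENCTYPES = {"camellia128-cts-cmac", "camellia256-cts-cmac"}


def permitted_enctypes(conf_text):
    """Return the permitted_enctypes entries from [libdefaults], in order."""
    section, names = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if section == "libdefaults" and sep and key.strip() == "permitted_enctypes":
            names = re.split(r"[,\s]+", value.strip())
    return [n for n in names if n]


def audit(conf_text):
    """Sort each entry: usable from Java, MIT-only, or in neither list."""
    report = {"jdk_ok": [], "mit_only": [], "unrecognized": []}
    for name in permitted_enctypes(conf_text):
        if name in JDK8_ENCTYPES:
            report["jdk_ok"].append(name)
        elif name in MIT_ONLY_ENCTYPES:
            report["mit_only"].append(name)
        else:
            report["unrecognized"].append(name)  # e.g. an abbreviated name
    return report


# Constructed sample krb5.conf fragment.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    permitted_enctypes = aes256-cts-hmac-sha1-96 camellia256-cts-cmac, aes128 rc4-hmac
[realms]
    permitted_enctypes = des-cbc-crc
"""

if __name__ == "__main__":
    for bucket, names in audit(SAMPLE).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Entries reported as `mit_only` are the ones a Java client on the same host cannot negotiate; entries reported as `unrecognized` should be compared with the names in the linked krb5.conf documentation.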