On Thu, Jun 28, 2007 at 02:33:03PM -0700, Henry B. Hotz wrote: > I find things are easier if you disable aes256 (in favor of aes128) > and des-cbc-md4 (if you're still using single-des at all that is) on > your kdc. Solaris supports everything else that's common. AES-128 > is plenty good enough for the foreseeable future AFAIK.
The S10 KDC also supports AES-256, but only if you install SUNWcry*. Same for the rest of the S10 Kerberos V implementation. Nico --
