On 5/21/07, Enrique Rodriguez <[EMAIL PROTECTED]> wrote:
... We are merging, this week, 2 branches which will address a number of issues with Kerberos. It would be great if you're building from trunk and could test again in a few days. I'll let you know when we've done the merges.
Hi, Keith, We completed merging one of the 2 branches I mentioned. This branch doesn't change configuration but it does fix some Kerberos issues and I recommend trying it out. The main purpose of this branch was to add aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, and des3-cbc-sha1-kd encryption type support. One or more encryption types can be listed in the encryption types property, whitespace-delimited, first type on the left is most preferred. For example, using pre-1.5.1 configuration: <prop key="kdc.encryption.types">aes256-cts-hmac-sha1-96</prop> ... or ... <prop key="kdc.encryption.types">aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1-kd des-cbc-md5</prop> AES-256 requires the installation of "unlimited strength" policy, available from your VM vendor. The policy is signed by the vendor so you can't use the same policy files on different vendors' VMs, ie for Sun download Sun policy, for IBM download IBM policy. Enrique
