Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Supported Encryption Types

Any tag in the configuration files which requires a list of encryption types can be set to some combination of the following strings.

des-cbc-crc
DES cbc mode with CRC-32
des-cbc-md4
DES cbc mode with RSA-MD4
des-cbc-md5
DES cbc mode with RSA-MD5
des3-cbc-sha1
des3-hmac-sha1
des3-cbc-sha1-kd
triple DES cbc mode with HMAC/sha1
des-hmac-sha1
DES with HMAC/sha1
aes256-cts-hmac-sha1-96
aes256-cts
AES-256 CTS mode with 96-bit SHA-1 HMAC
aes128-cts-hmac-sha1-96
aes128-cts
AES-128 CTS mode with 96-bit SHA-1 HMAC
arcfour-hmac
rc4-hmac
arcfour-hmac-md5
RC4 with HMAC/MD5
arcfour-hmac-exp
rc4-hmac-exp
arcfour-hmac-md5-exp
exportable RC4 with HMAC/MD5

While aes128-cts and aes256-cts are supported for all Kerberos operations, they are not supported by older versions of our GSSAPI implementation (krb5-1.3.1 and earlier).

By default, AES is enabled in this release. Sites wishing to use AES encryption types on their KDCs need to be careful not to give GSSAPI services AES keys if the servers have not been updated. If older GSSAPI services are given AES keys, then services may fail when clients supporting AES for GSSAPI are used. Sites may wish to use AES for user keys and for the ticket granting ticket key, although doing so requires specifying what encryption types are used as each principal is created.

If all GSSAPI-based services have been updated before or with the KDC, this is not an issue.


 
 
  © 1985-2006 by the Massachusetts Institute of Technology - Reproduced with permission. Design by Interspire