why so many enctypes?

[Gerald (Jerry) Carter]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeremy,

Why do we add keytab entries for so many enctypes in
/etc/krb5.keytab?  I see DES, 3DES, AES, & RC4-HMAC.
I got 182 entries after a single 'net ads join'.
/etc/krb5.conf has rc4-hmac listed as the only default enctype.

ads_keytab_add_entry: adding keytab entry for (oak$@COLOR.PLAINJOE.ORG)
with encryption type (1) and version (11)
ads_keytab_add_entry: adding keytab entry for (oak$@COLOR.PLAINJOE.ORG)
with encryption type (3) and version (11)
ads_keytab_add_entry: adding keytab entry for (oak$@COLOR.PLAINJOE.ORG)
with encryption type (2) and version (11)
ads_keytab_add_entry: adding keytab entry for (OAK$@COLOR.PLAINJOE.ORG)
with encryption type (18) and version (11)
ads_keytab_add_entry: adding keytab entry for (OAK$@COLOR.PLAINJOE.ORG)
with encryption type (17) and version (11)
ads_keytab_add_entry: adding keytab entry for (OAK$@COLOR.PLAINJOE.ORG)
with encryption type (16) and version (11)
ads_keytab_add_entry: adding keytab entry for (OAK$@COLOR.PLAINJOE.ORG)
with encryption type (23) and version (11)

Shouldn't we actually be doing what the admin specified in krb5.conf ?



cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFERFQ6IR7qMdg1EfYRAhOLAJ48LJ2O+2YkQzh95vBLwSb9nVcUEwCgxXkX
YUZLGq7urE4z8iz1lDlwP7A=
=65+J
-----END PGP SIGNATURE-----