why so many enctypes?
Gerald (Jerry) Carter
jerry at samba.org
Tue Apr 18 11:21:49 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Luke Howard wrote:
> Jerry,
>
>> Shouldn't we actually be doing what the
>> admin specified in krb5.conf ?
>
> Perhaps. But don't forget that as an acceptor you
> have no control over what enctype the KDC used when
> issuing a service ticket to a client, so it's good
> to be prepared to accept whatever you may be presented
> with.
True. But these entries are created when joining
an AD domain so I don't see why the 3DES and AES entries
are generated. I could conceed the point fo rthe single
DES (although I think even there we use one not supported
by AD domain controllers).
cheers, jerry
=====================================================================
I live in a Reply-to-All world. -----------------------
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFERMvNIR7qMdg1EfYRAkfoAJ9I1Oos79szh8D1TU3B6TkPeFSGhgCeI58Z
ynkkJZdjwjGfvFk5eR2qpVk=
=d0y2
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list