|Work in progress|
This site is in the process of being reviewed and updated.
Due to export control restrictions, JDK 5.0 environments do not ship with support for AES-256 enabled. Kerberos uses AES-256 in the 'aes256-cts-hmac-sha1-96' encryption type. To enable AES-256, you must download "unlimited strength" policy JAR files for your JRE. Policy JAR files are signed by the JRE vendor so you must download policy JAR files for Sun, IBM, etc. separately. Also, policy files may be different for each platform, such as i386, Solaris, or HP.
- Download the unlimited strength policy JAR files.
- Extract the unlimited strength policy JAR files.
|| Unlimited strength local policy file
|| Unlimited strength US export policy file
- Install the unlimited strength policy JAR files by copying them to the standard location. <jre-home> refers to the directory where the J2SE Runtime Environment (JRE) was installed. Adjust pathname separators for your environment.
| Standard Location
- Optionally, create subfolders in <jre-home>/lib/security, named, for example, "limited" and "unlimited" so you can switch between policy files easily, by copying the policy JAR files from one of the subfolders to the <jre-home>/lib/security directory.