directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez (JIRA)" <>
Subject [jira] Closed: (DIRSERVER-153) Make encryption system selection configurable
Date Tue, 22 May 2007 00:37:16 GMT


Enrique Rodriguez closed DIRSERVER-153.

    Resolution: Fixed

Made encryption system selection configurable on revision r540371.

One or more encryption types can be listed in the encryption types property, whitespace-delimited,
first type on the left is most preferred.  For example, using pre-1.5.1 configuration:

<prop key="kdc.encryption.types">aes256-cts-hmac-sha1-96</prop>
... or ...
<prop key="kdc.encryption.types">aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1-kd

AES-256 requires the installation of "unlimited strength" policy, available from the VM vendor.


> Make encryption system selection configurable
> ---------------------------------------------
>                 Key: DIRSERVER-153
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: New Feature
>          Components: kerberos
>            Reporter: Enrique Rodriguez
>         Assigned To: Enrique Rodriguez
>            Priority: Minor
>             Fix For: 1.5.1
> Right now encryption system selection is performed by the KDC services based on the client
request and the encryption systems available to the KDC.  This needs to be configurable external
to the KDC and, ideally, determined once, up-front, in service execution so a suitable exception
can be thrown as soon as possible if the desired encryption system is not supported.
> Also, usage of the EncryptionType should be replaced with an actual EncryptionSystem.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message