directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Default encryptionTypes for KdcServer
Date Sat, 14 Jan 2012 21:42:19 GMT
 you can call kdcServer.setEncryptionTypes() (with an array or set of
EncryptionTypeS)
 note that, this method should be called from a non-static method
(typically from the setup method or the one having @Before annotation)
 calling it from static method might likely result in a null pointer exception.

 Let me know if you have any issues

HTH
On Sun, Jan 15, 2012 at 3:04 AM, Aleksander Adamowski
<apache-directory@olo.org.pl> wrote:
> Hi!
>
> While working on my experimental KrbLDAP implementation (see the
> thread on MIT krbdev list:
> http://mailman.mit.edu/pipermail/krbdev/2012-January/010641.html),
> I've discovered that KdcServer by default supports a very limited set
> of encryption types consisting only of des-cbc-md5.
>
> MIT's libkrb5, on the other hand, by default requires one of 4
> enctypes, which doesn't include the ApacheDS's default:
> aes256-cts-hmac-sha1-96 (18),
> aes128-cts-hmac-sha1-96 (17),
> des3-cbc-sha1-kd (16),
> rc4-hmac (23)
>
> Is this choice made on purpose?
>
> In my experimental integration test, I'm creating the KdcServer using
> the @CreateKdcServer annotation:
> https://github.com/aadamowski/apacheds-krbldap-test/blob/master/src/test/java/pl/org/olo/krbldap/apacheds/test/KrbLdapIntegrationTest.java
>
> What's the best way to configure it to handle enctypes compatible with
> MIT libkrb5?
>
>
> --
> Best Regards,
>   Aleksander Adamowski
>   http://olo.org.pl



-- 
Kiran Ayyagari

Mime
View raw message