directory-dev mailing list archives

From Aleksander Adamowski <aleksander.adamow...@olo.org.pl>
Subject Re: Default encryptionTypes for KdcServer
Date Sat, 14 Jan 2012 23:23:59 GMT
On Sat, Jan 14, 2012 at 22:42, Kiran Ayyagari <kayyagari@apache.org> wrote:
>  you can call kdcServer.setEncryptionTypes() (with an array or set of
> EncryptionTypeS)
>  note that, this method should be called from a non-static method
> (typically from the setup method or the one having @Before annotation)
>  calling it from static method might likely result in a null pointer exception.
>
>  Let me know if you have any issues

Thanks, it works!
How about making the default in KdcServer compatible with MIT
library's defaults?

I think it would be sufficient to change one constant
org.apache.directory.server.kerberos.kdc.KdcServer#DEFAULT_ENCRYPTION_TYPES:

diff --git a/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
b/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
index fa14a4c..0673014 100644
--- a/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
+++ b/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
@@ -85,7 +85,7 @@ public class KdcServer extends DirectoryBackedService

     /** The default encryption types */
     private static final String[] DEFAULT_ENCRYPTION_TYPES = new String[]
-        { "des-cbc-md5" };
+        { "aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96",
"des3-cbc-sha1-kd", "des-cbc-md5" };

     /** The default for allowing empty addresses */
     private static final boolean DEFAULT_EMPTY_ADDRESSES_ALLOWED = true;
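
Review bot: the new default on the "+" line still ends with "des-cbc-md5", so single DES stays enabled out of the box alongside the AES types. If it is kept only for compatibility with existing principals and tests, say so in the "/** The default encryption types */" comment, and state there whether the array order is a preference order. Otherwise consider dropping it from the default and letting deployments that need it opt in through setEncryptionTypes().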

What do you think about that?

Just in case, attaching a patch (attachment no. 0001).

BTW, I've also found a suboptimal fragment in
org.apache.directory.server.kerberos.kdc.KdcServer#prepareEncryptionTypes
- sending a patch (attachment no. 0002).

-- 
Best Regards,
  Aleksander Adamowski
  http://olo.org.pl
