directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aleksander Adamowski <>
Subject Default encryptionTypes for KdcServer
Date Sat, 14 Jan 2012 21:34:31 GMT

While working on my experimental KrbLDAP implementation (see the
thread on MIT krbdev list:,
I've discovered that KdcServer by default supports a very limited set
of encryption types consisting only of des-cbc-md5.

MIT's libkrb5, on the other hand, by default requires one of 4
enctypes, which doesn't include the ApacheDS's default:
aes256-cts-hmac-sha1-96 (18),
aes128-cts-hmac-sha1-96 (17),
des3-cbc-sha1-kd (16),
rc4-hmac (23)

Is this choice made on purpose?

In my experimental integration test, I'm creating the KdcServer using
the @CreateKdcServer annotation:

What's the best way to configure it to handle enctypes compatible with
MIT libkrb5?

Best Regards,
  Aleksander Adamowski

View raw message