directory-dev mailing list archives

From Aleksander Adamowski <apache-direct...@olo.org.pl>
Subject Default encryptionTypes for KdcServer
Date Sat, 14 Jan 2012 21:34:31 GMT
Hi!

While working on my experimental KrbLDAP implementation (see the
thread on the MIT krbdev list:
http://mailman.mit.edu/pipermail/krbdev/2012-January/010641.html),
I've discovered that KdcServer by default supports a very limited set
of encryption types consisting only of des-cbc-md5.

MIT's libkrb5, on the other hand, by default requires one of 4
enctypes, which doesn't include the ApacheDS's default:
aes256-cts-hmac-sha1-96 (18),
aes128-cts-hmac-sha1-96 (17),
des3-cbc-sha1-kd (16),
rc4-hmac (23)

Is this choice made on purpose?

In my experimental integration test, I'm creating the KdcServer using
the @CreateKdcServer annotation:
https://github.com/aadamowski/apacheds-krbldap-test/blob/master/src/test/java/pl/org/olo/krbldap/apacheds/test/KrbLdapIntegrationTest.java

What's the best way to configure it to handle enctypes compatible with
MIT libkrb5?


-- 
Best Regards,
  Aleksander Adamowski
  http://olo.org.pl
