Return-Path: X-Original-To: apmail-directory-dev-archive@www.apache.org Delivered-To: apmail-directory-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2CF3FB1E7 for ; Sat, 14 Jan 2012 21:42:46 +0000 (UTC) Received: (qmail 19995 invoked by uid 500); 14 Jan 2012 21:42:45 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 19922 invoked by uid 500); 14 Jan 2012 21:42:44 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 19915 invoked by uid 99); 14 Jan 2012 21:42:44 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 14 Jan 2012 21:42:44 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of ayyagarikiran@gmail.com designates 209.85.210.178 as permitted sender) Received: from [209.85.210.178] (HELO mail-iy0-f178.google.com) (209.85.210.178) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 14 Jan 2012 21:42:40 +0000 Received: by iabz7 with SMTP id z7so7825122iab.37 for ; Sat, 14 Jan 2012 13:42:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=I1iNiUvsca115gXkJJquUlAnxEl0at2JDiIbm1nAj10=; b=TTpAmQh6a+CmP0dR33e6K8+XRnOmh0TF1sGYH1wDtuBPzcAy6CQP79XHL061TVPYiN DrMIipyoMMstukfMMHpQciCKU4eeZhZ4ecLY0SljXJgtppPgZkFIP6gDg+5UFBt2NYjP UApH1qJ14ZdBk2iSEkPm9jBpea7rRmEF7zMIs= MIME-Version: 1.0 Received: by 10.50.178.70 with SMTP id cw6mr4497022igc.4.1326577339472; Sat, 14 Jan 2012 13:42:19 -0800 (PST) Sender: ayyagarikiran@gmail.com Received: by 10.231.195.76 with HTTP; Sat, 14 Jan 2012 13:42:19 -0800 (PST) In-Reply-To: References: Date: Sun, 15 Jan 2012 03:12:19 +0530 X-Google-Sender-Auth: SVTraY71fVjD1QHyJUMzWCCeV94 Message-ID: Subject: Re: Default encryptionTypes for KdcServer From: Kiran Ayyagari To: Apache Directory Developers List Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable you can call kdcServer.setEncryptionTypes() (with an array or set of EncryptionTypeS) note that, this method should be called from a non-static method (typically from the setup method or the one having @Before annotation) calling it from static method might likely result in a null pointer except= ion. Let me know if you have any issues HTH On Sun, Jan 15, 2012 at 3:04 AM, Aleksander Adamowski wrote: > Hi! > > While working on my experimental KrbLDAP implementation (see the > thread on MIT krbdev list: > http://mailman.mit.edu/pipermail/krbdev/2012-January/010641.html), > I've discovered that KdcServer by default supports a very limited set > of encryption types consisting only of des-cbc-md5. > > MIT's libkrb5, on the other hand, by default requires one of 4 > enctypes, which doesn't include the ApacheDS's default: > aes256-cts-hmac-sha1-96 (18), > aes128-cts-hmac-sha1-96 (17), > des3-cbc-sha1-kd (16), > rc4-hmac (23) > > Is this choice made on purpose? > > In my experimental integration test, I'm creating the KdcServer using > the @CreateKdcServer annotation: > https://github.com/aadamowski/apacheds-krbldap-test/blob/master/src/test/= java/pl/org/olo/krbldap/apacheds/test/KrbLdapIntegrationTest.java > > What's the best way to configure it to handle enctypes compatible with > MIT libkrb5? > > > -- > Best Regards, > =A0 Aleksander Adamowski > =A0 http://olo.org.pl --=20 Kiran Ayyagari