[ https://issues.apache.org/jira/browse/SLIDER-1057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15097087#comment-15097087 ]
Steve Loughran commented on SLIDER-1057: ---------------------------------------- This is there, {code} int aesLen = Cipher.getMaxAllowedKeyLength("AES"); println("Maximum AES encryption key length %d", aesLen); failif (aesLen < 256, "Java Cryptography Extensions are not installed on this JVM." +" Kerberos will not work."); {code} I think all we need to do is add a wiki entry in the URL to tell people what to do. > Kdiag: dump and tell if AES 256 is enabled or not > ------------------------------------------------- > > Key: SLIDER-1057 > URL: https://issues.apache.org/jira/browse/SLIDER-1057 > Project: Slider > Issue Type: Improvement > Reporter: Kai Zheng > > This would improve Kdiag tool allowing it to dump relevant information and > tell if AES 256 is enabled or not on the host. If not, prompt users to > install the JCE Policy File according to [JCE Unlimited Strength Jurisdiction > Policy > File|http://www.oracle.com/technetwork/java/javase/downloads/index.html]. > This is important because a common issue when deploying Kerberos is, AES-256 > encryption type is configure and used in {{krb5.conf}}, but in JRE AES-256 > isn't enabled by default in a typical Oracle Java installation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)