[
https://issues.apache.org/jira/browse/SLIDER-1057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15097087#comment-15097087
]
Steve Loughran commented on SLIDER-1057:
----------------------------------------
This is there,
{code}
int aesLen = Cipher.getMaxAllowedKeyLength("AES");
println("Maximum AES encryption key length %d", aesLen);
failif (aesLen < 256,
"Java Cryptography Extensions are not installed on this JVM."
+" Kerberos will not work.");
{code}
I think all we need to do is add a wiki entry in the URL to tell people what to
do.
> Kdiag: dump and tell if AES 256 is enabled or not
> -------------------------------------------------
>
> Key: SLIDER-1057
> URL: https://issues.apache.org/jira/browse/SLIDER-1057
> Project: Slider
> Issue Type: Improvement
> Reporter: Kai Zheng
>
> This would improve Kdiag tool allowing it to dump relevant information and
> tell if AES 256 is enabled or not on the host. If not, prompt users to
> install the JCE Policy File according to [JCE Unlimited Strength Jurisdiction
> Policy
> File|http://www.oracle.com/technetwork/java/javase/downloads/index.html].
> This is important because a common issue when deploying Kerberos is, AES-256
> encryption type is configure and used in {{krb5.conf}}, but in JRE AES-256
> isn't enabled by default in a typical Oracle Java installation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
