On Sat, 2012-02-25 at 09:35 -0500, John Dennis wrote: > On 02/25/2012 09:20 AM, Simo Sorce wrote: > > Use -e to see what enctypes are reported. > > Is this difference in any way related to s4u2proxy or did the extra > enctypes show up because we upgraded Kerberos and picked up other > unrelated behavior at the same time.
No, the contents of the keytab have nothing to do with day to day operations. Tickets and TGTs are stored in your ccache. > Why do we now have all these enctypes? Is it to satify forwarding/proxy > when you don't know a prori which enctype the foreign endpoint will require? Because in kerberos each principal can have multiple keys, generally one per supported (by the KDC) enctype. This is so that a client can use the strongest enctype it has crypto support for. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users