>How do I know which key types a service can support? >From the KDC's perspective, there is no way to know that; it falls upon the admin (you) to know that.
>Am I pretty much relegated to setting up a test KDC >and pointing test clients at it and then trial&error >for every single service/server/keytype combination >to see which ones work and which ones don't? > >Or is there some way I can just check, oh this server >app is linked against krb5-1.x.y and that supports >enctypes a, b & c? Is there even a list of which >release each enctype was first supported in? You could probably generate that yourself just by looking at a release history. You might even be able to write a small program that uses the krb5 API to determine which enctypes a particular Kerberos library supports. I don't think the number of enctypes you care about is large, is it? I mean, I think from a practical perspective what you care about 3DES, ArcFour, and AES. I would guess ArcFour and AES came in to MIT Kerberos around the same time. Might require a little bit of work looking at different releases, but it shouldn't take that long. --Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
