Tom Yu <t...@mit.edu> writes:
> John Harris <har...@ucdavis.edu> writes:

>> If I just have aes256-cts:normal and rc4-hmac:normal listed in kdc.conf
>> in the supported_enctypes field, I'm still able to create the
>> des-cbc-crc:normal service principal I need. In fact, I can kinit -S
>> for it and obtain it. My confusion lies in that I thought not having
>> des-cbc-crc:normal in this configuration line meant the KDC wouldn't
>> recognize or serve tickets for it.
>>
>> It'd be great to not have to put this in the config line so that later
>> principals only get the aes256 and rc4 types on them, but I'm not
>> understanding why I'm successfully obtaining a principal with only the
>> des encryption type without adding it to this line.

> The "supported_enctypes" configuration variable really means "default
> list of enctype-salttype pairs for which the kadmin subsystem will
> generate keys". The name is arguably misleading; if anyone has ideas
> about a better name, please suggest one.

default_enctypes, maybe?

--
Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos