All,

My apologies if I'm posting to the wrong group or not having much detail. 

I have someone running z/OS V1R13 on a z10 BC that I will be upgrading soon 
but, was asked to implement stronger encryption for them to test / prepare, in 
the interim. They currently use DES. Note - the KDC is on *nix. 

I am hoping that someone knowledgeable / experienced with AES counter mode 
implementation and usage can give me some direction / pointers and / or, advice 
on implementing AES counter mode ciphers alongside DES (and others), for their 
existing batch FTP jobs. 

I tried a test FTP (batch), after adding 'aes256-ctr,aes128-ctr' ahead of all 
other ciphers (the entire list from aes256-cts-..... des-cbc-crc) to 
/etc/skrb/krb5.conf, but GSSAPI complained of a 'syntax error'. More than 
likely, one mistake I'd made was that I updated both 'default_tgs_enctypes' and 
'default_tkt_enctypes' to have the entire list of encryption types. My attempts 
were not able to get around it. I was also not able to find anything specific 
or unique, about coding the two variables in krb5.conf.

I have found a lot of doc on implementing / using, most all other encryption 
types but very few that were really helpful about AES counter mode and even 
less, about having AES counter mode with weaker ciphers, included in the list. 

Any and all direction and / or advice, would be greatly appreciated. 

Kind Regards
Jim Thomas

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
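
Added example (not part of the original post, and not the poster's or IBM's code): a small Python lint for the two enctype lists named in the message. It assumes the z/OS krb5.conf parser uses the same enctype spellings as MIT krb5. `aes256-ctr` and `aes128-ctr` are SSH cipher names (RFC 4344), while the Kerberos AES enctypes (RFC 3962) use CTS mode, so the lint reports the `-ctr` names as unknown. `SAMPLE` and `lint_enctypes` are hypothetical names.

```python
import re

# Kerberos enctype names as spelled by MIT krb5.
# Assumption: the z/OS krb5.conf parser accepts the same spellings.
STRONG = {"aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96"}   # RFC 3962
# Deprecated by RFC 6649 (DES) and RFC 8429 (3DES, RC4).
LEGACY = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "des3-cbc-sha1",
          "arcfour-hmac", "rc4-hmac"}
KNOWN = STRONG | LEGACY
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes")

# Constructed sample resembling the edit described in the post.
SAMPLE = """\
[libdefaults]
default_realm = EXAMPLE.COM
default_tkt_enctypes = aes256-ctr,aes128-ctr,aes256-cts-hmac-sha1-96,des-cbc-crc
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96, des-cbc-md5
"""

def lint_enctypes(conf_text):
    """Classify every name in the [libdefaults] enctype lists."""
    report, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                               # e.g. [libdefaults]
            section = header.group(1).lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if section != "libdefaults" or not sep or key not in ENCTYPE_KEYS:
            continue
        # Lists may be separated by commas, whitespace, or both.
        names = [n.lower() for n in re.split(r"[,\s]+", value.strip()) if n]
        report[key] = {
            "strong": [n for n in names if n in STRONG],
            "legacy": [n for n in names if n in LEGACY],
            "unknown": [n for n in names if n not in KNOWN],
        }
    return report

if __name__ == "__main__":
    for key, found in lint_enctypes(SAMPLE).items():
        for kind, names in found.items():
            print(f"{key}: {kind}: {', '.join(names) or '-'}")
```

Any name reported as unknown should be checked against the enctype list in the z/OS Network Authentication Service documentation before the file is deployed.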
