Monday, 23 April 2018

Kerberos Key Distribution Centre (KDC) Encryption Types

I'm tinkering with Kerberos and SPNEGO again, in the context of integrating WebSphere Application Server (WAS) and Active Directory together.

This time I'm using WAS 8.5.5.13 and AD 2012.

Looking at the command that generates the Kerberos configuration within WAS: -

AdminTask.createKrbConfigFile("[-krbPath /opt/ibm/WebSphere/AppServer/java/jre/lib/security/krb5.conf -realm UK.IBM.COM -kdcHost ad2012.uk.ibm.com.com -dns uk.ibm.com -keytabPath /home/wasadmin/bpm857.keytab -encryption des3-cbc-sha1]")

I started to wonder about the -encryption switch: -



Looking here: -


prompted me to dig into Windows a bit more.

As per the above link, one place to check the supported Encryption Types is the User Account: -


so, if I so choose, I can lock down the encryption types in one of many ways ...

No comments: