Monday, 23 April 2018

Kerberos Key Distribution Centre (KDC) Encryption Types

I'm tinkering with Kerberos and SPNEGO again, in the context of integrating WebSphere Application Server (WAS) and Active Directory together.

This time I'm using WAS 8.5.5.13 and AD 2012.

Looking at the command that generates the Kerberos configuration within WAS: -

AdminTask.createKrbConfigFile("[-krbPath /opt/ibm/WebSphere/AppServer/java/jre/lib/security/krb5.conf -realm UK.IBM.COM -kdcHost ad2012.uk.ibm.com.com -dns uk.ibm.com -keytabPath /home/wasadmin/bpm857.keytab -encryption des3-cbc-sha1]")

I started to wonder about the -encryption switch: -



Looking here: -


prompted me to dig into Windows a bit more.

As per the above link, one place to check the supported Encryption Types is the User Account: -


so, if I so choose, I can lock down the encryption types in one of many ways ...
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Note to self - use kubectl to query images in a pod or deployment

In both cases, we use JSON ... For a deployment, we can do this: - kubectl get deployment foobar --namespace snafu --output jsonpath="{...