Monday, 23 April 2018

Kerberos Key Distribution Centre (KDC) Encryption Types

I'm tinkering with Kerberos and SPNEGO again, in the context of integrating WebSphere Application Server (WAS) and Active Directory together.

This time I'm using WAS and AD 2012.

Looking at the command that generates the Kerberos configuration within WAS: -

AdminTask.createKrbConfigFile("[-krbPath /opt/ibm/WebSphere/AppServer/java/jre/lib/security/krb5.conf -realm UK.IBM.COM -kdcHost -dns -keytabPath /home/wasadmin/bpm857.keytab -encryption des3-cbc-sha1]")

I started to wonder about the -encryption switch: -

Looking here: -

prompted me to dig into Windows a bit more.

As per the above link, one place to check the supported Encryption Types is the User Account: -

so, if I so choose, I can lock down the encryption types in one of many ways ...

No comments:

MainframerZ meetup at Lloyds - Tuesday 19 March 2019 - See you there

Having recently moved into the IBM Z development organisation, as mentioned before: - New day, new job - more of the same, but in a VER...