Monday, 23 April 2018

Kerberos Key Distribution Centre (KDC) Encryption Types

I'm tinkering with Kerberos and SPNEGO again, in the context of integrating WebSphere Application Server (WAS) and Active Directory together.

This time I'm using WAS and AD 2012.

Looking at the command that generates the Kerberos configuration within WAS: -

AdminTask.createKrbConfigFile("[-krbPath /opt/ibm/WebSphere/AppServer/java/jre/lib/security/krb5.conf -realm UK.IBM.COM -kdcHost -dns -keytabPath /home/wasadmin/bpm857.keytab -encryption des3-cbc-sha1]")

I started to wonder about the -encryption switch: -

Looking here: -

prompted me to dig into Windows a bit more.

As per the above link, one place to check the supported Encryption Types is the User Account: -

so, if I so choose, I can lock down the encryption types in one of many ways ...

No comments:

Following up ... defining K8S Services using YAML

As a fup to this: - Playing with Kubernetes deployments and NodePort services life is SO much easier if I choose to define the service...