Monday, 23 April 2018

Kerberos Key Distribution Centre (KDC) Encryption Types

I'm tinkering with Kerberos and SPNEGO again, in the context of integrating WebSphere Application Server (WAS) and Active Directory together.

This time I'm using WAS and AD 2012.

Looking at the command that generates the Kerberos configuration within WAS: -

AdminTask.createKrbConfigFile("[-krbPath /opt/ibm/WebSphere/AppServer/java/jre/lib/security/krb5.conf -realm UK.IBM.COM -kdcHost -dns -keytabPath /home/wasadmin/bpm857.keytab -encryption des3-cbc-sha1]")

I started to wonder about the -encryption switch: -

Looking here: -

prompted me to dig into Windows a bit more.

As per the above link, one place to check the supported Encryption Types is the User Account: -

so, if I so choose, I can lock down the encryption types in one of many ways ...

No comments:

LinuxONE for Dummies

As more companies transform their infrastructures with hybrid cloud services, they require environments that protect the safety of their ...