allow_weak_crypto for Kerberos

I just added allow_weak_crypto support in OpenJDK. With this property set to false, des-cbc-md5 and des-cbc-crc etypes are not supported, even if you include them i permitted_enctypes or default_{tkt|tgs}_enctypes settings.

Please note that in MIT krb5-1.8, the default value for this property is false, which means the DES-related enctypes are disabled out-of-box. In Java, we choose to keep it true for compatibility reasons, which we've always cared most.
Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

This blog has a comments managing system that requires me to approve each comment manually. Please do not re-post and I will reply it (if I have an answer) when I get pinged.

Search

Top Tags
Categories
Archives
« May 2015
SunMonTueWedThuFriSat
     
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
      
Today