| Enrique Rodriguez (JIRA) 2007-05-22, 1:11 am |
|
[ https://issues.apache.org/jira/brow...ls:all-tabpanel ]
Enrique Rodriguez closed DIRSERVER-153.
---------------------------------------
Resolution: Fixed
Made encryption system selection configurable on revision r540371.
One or more encryption types can be listed in the encryption types property, whitespace-delimited, first type on the left is most preferred. For example, using pre-1.5.1 configuration:
<prop key="kdc.encryption.types">aes256-cts-hmac-sha1-96</prop>
.... or ...
<prop key="kdc.encryption.types">aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1-kd des-cbc-md5</prop>
AES-256 requires the installation of "unlimited strength" policy, available from the VM vendor.
URL: http://svn.apache.org/viewvc?view=rev&rev=540371
> Make encryption system selection configurable
> ---------------------------------------------
>
> Key: DIRSERVER-153
> URL: https://issues.apache.org/jira/browse/DIRSERVER-153
> Project: Directory ApacheDS
> Issue Type: New Feature
> Components: kerberos
> Reporter: Enrique Rodriguez
> Assigned To: Enrique Rodriguez
> Priority: Minor
> Fix For: 1.5.1
>
>
> Right now encryption system selection is performed by the KDC services based on the client request and the encryption systems available to the KDC. This needs to be configurable external to the KDC and, ideally, determined once, up-front, in service ex
ecution so a suitable exception can be thrown as soon as possible if the desired encryption system is not supported.
> Also, usage of the EncryptionType should be replaced with an actual EncryptionSystem.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
|