-
Sub-task
-
Resolution: Delivered
-
P3
-
11
-
Verified
The Kerberos 5 encryption types of `aes128-cts-hmac-sha256-128` and `aes256-cts-hmac-sha384-192` defined in RFC 8009 are supported. These encryption types are enabled by default. The default order of preference is
"`aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 des-cbc-crc des-cbc-md5`."
Users can use the `default_tkt_enctypes` and `default_tgs_enctypes` settings in the `krb5.conf` file to modify the list.
"`aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 des-cbc-crc des-cbc-md5`."
Users can use the `default_tkt_enctypes` and `default_tgs_enctypes` settings in the `krb5.conf` file to modify the list.