Russ Allbery, Fri Jul 10 2009 19:24:52 GMT+0200 (CEST):
> Peter Jordan <usernetw...@gmx.info> writes:
>> Russ Allbery, Fri Jul 10 2009 16:31:14 GMT+0200 (CEST):
>
>
>> But for new installations a change is not a bad idea?
>
> Yeah, for new installations it's generally best to start the master key
> at the strongest supported key type. MIT 1.7 supports rekeying, though,
> which makes things much simpler.
>
>
>> How can i see that the change has worked?
>
> klist -e will show you the enctypes of the tickets in your cache. You
> can also check the enctypes of the tickets issued by the KDC in the KDC
> logs, although those are numeric and a bit less easy to understand.
>
hmmm, although i have set supported enctypes
supported_enctypes = aes256-cts:normal
and restarted kdc nothing seens to have changed.
After calling "kinit" klist -5e show me:
Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple DES cbc
mode with HMAC/sha1
PJ
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
