Hey, You cannot mix any set of algorithms you want, but you need a predefined encryption type. Compare it to TLS' ciphersuites if you like. ` The standardised list is available on http://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml
The closest to what you are asking is aes256-cts-hmac-sha1-96; it uses a SHA1 hash cut off to a 96 bit prefix as a MAC, if I remember correctly. Chase the link if you need more detail / certainty. As far as I know, MIT Kerberos will use this encryption type by default. Can't speak for Heimdal, Shishi or AD. -Rick ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
