Hey there. My org is moving off 3des. My reading of "supported_enctypes" is simply that it will stop kadmin/the KDC from generating NEW keys of an older type, correct? That if I do a cpw without -keepold, those keys will be removed -- but otherwise, the KDC will not act as though a user with 3des-only keys doesn't exist.
Changing it should not break any authentication or tickets? Or will the kdc then refuse to issue TGT's that use that type at all? (It seems like that would be affected by the similarly named permitted_enctypes, tho). -Dan -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org --------------------------- ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
