Quick question related to Kerberos + AES256 + SHA2

2016-02-25 Thread Prashanth Marampally
Hi All, I have a quick question please. Can we configure Kerberos using AES256 and SHA2? If yes, can you please provide me some documentation or links so that I can try it out? Thanks, Prashanth Kerberos mailing list Kerberos@mit.edu

Re: kdb5_util fails to load propagated database under heavy load

2016-02-25 Thread Christopher Odenbach
Hi,
> Nevermind, I was looking at the wrong function, and I see what's wrong. The short description is that we acquire a non-blocking lock when creating a DB, when we should be acquiring a blocking lock. I have filed a pull request for the one

Re: Quick question related to Kerberos + AES256 + SHA2

2016-02-25 Thread Rick van Rein
Hey, You cannot mix any set of algorithms you want, but you need a predefined encryption type. Compare it to TLS' ciphersuites if you like. The standardised list is available on http://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml The closest to what you are asking is

RE: Quick question related to Kerberos + AES256 + SHA2

2016-02-25 Thread Prashanth Marampally
Hi Rick, Thank you so much for the quick reply. I'll go through it now. Thanks, Prashanth

Re: Quick question related to Kerberos + AES256 + SHA2

2016-02-25 Thread Rick van Rein
OK, Also note that the hash is not SHA1 but HMAC-SHA1, which is much stronger. I didn't make that clear before. -Rick

RE: Quick question related to Kerberos + AES256 + SHA2

2016-02-25 Thread Prashanth Marampally
Yep. Got it! Thanks, Prashanth

Re: Quick question related to Kerberos + AES256 + SHA2

2016-02-25 Thread Simo Sorce
Note that the Kitten WG is working on standardizing new enctypes for AES + HMAC-SHA2, this is the latest draft: https://tools.ietf.org/html/draft-ietf-kitten-aes-cts-hmac-sha2-09 Although it will take a while before all the most common implementations will have support for it, and it may never land

RE: Quick question related to Kerberos + AES256 + SHA2

2016-02-25 Thread Prashanth Marampally
Hi Simo, Thanks for your reply and link. Looks like the draft expires on July 28, 2016. Anyways, thanks for the update. Thanks, Prashanth

Re: Quick question related to Kerberos + AES256 + SHA2

2016-02-25 Thread Todd Grayson
The supported encryption types are tied to the Kerberos release, which is tied to the OS release level by our distribution vendors. It is extremely rare for customers to be compiling / building Kerberos on their own. http://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html#libdef

Re: Quick question related to Kerberos + AES256 + SHA2

2016-02-25 Thread Todd Grayson
Apologies everyone - this was a mixed up response by me. Please disregard my discussion on download and compile, I'm discussing a behavior by our install base, not the MIT user community.