Difference between revisions of "Projects/Enctype config enhancements"
From K5Wiki
< Projects
(New page: {{project-early}} Provide a means of specifying inclusions and exclusions in the configuration variables that are lists of enctypes. At present, the only way to specify a non-default enct...) |
(No difference)
|
Revision as of 14:10, 29 January 2009
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.
Provide a means of specifying inclusions and exclusions in the configuration variables that are lists of enctypes. At present, the only way to specify a non-default enctype list is to explicitly list every enctype. This means that a configuration file with such an explicit list will inherently become out of date when future software releases update the default enctype lists.
One example is
permitted_enctypes = DEFAULT +des-cbc-crc
or
permitted_enctypes = DEFAULT -arcfour-hmac
where DEFAULT
designates the default set of enctypes.
The OpenSSL cipher list format could be one option, but it is probably too complicated for this purpose.