Projects/Enctype config enhancements
From K5Wiki
Revision as of 13:10, 29 January 2009 by TomYu (talk | contribs) (New page: {{project-early}} Provide a means of specifying inclusions and exclusions in the configuration variables that are lists of enctypes. At present, the only way to specify a non-default enct...)
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.
Provide a means of specifying inclusions and exclusions in the configuration variables that are lists of enctypes. At present, the only way to specify a non-default enctype list is to explicitly list every enctype. This means that a configuration file with such an explicit list will inherently become out of date when future software releases update the default enctype lists.
One example is
permitted_enctypes = DEFAULT +des-cbc-crc
or
permitted_enctypes = DEFAULT -arcfour-hmac
where DEFAULT designates the default set of enctypes.
The OpenSSL cipher list format could be one option, but it is probably too complicated for this purpose.
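A sketch of how the `DEFAULT` plus inclusion/exclusion syntax proposed above could be resolved, showing that an exclusion keeps tracking the defaults as they change between releases. This is an added example, not MIT Kerberos code. Its assumptions: the function names are hypothetical, both default lists are constructed, tokens are applied left to right, a bare name means inclusion, and an unknown name is rejected.

```c
/* Added illustration: the semantics and default lists are assumptions, not MIT krb5 code. */
#include <stdio.h>
#include <string.h>
#define MAX_ETYPES 8
#define SEP " ,\t"
/* Constructed default lists for two hypothetical releases, plus the names this sketch accepts. */
static const char *const OLD_DEFAULTS[] = { "des3-cbc-sha1", "arcfour-hmac", "des-cbc-crc", NULL };
static const char *const NEW_DEFAULTS[] = { "aes256-cts-hmac-sha1-96", "des3-cbc-sha1", "arcfour-hmac", NULL };
static const char *const KNOWN[] = { "aes256-cts-hmac-sha1-96", "des3-cbc-sha1", "arcfour-hmac", "des-cbc-crc", NULL };
/* Index of the len-byte name in a NULL-terminated list, or -1 if absent. */
static int find(const char *const *list, const char *name, size_t len) {
    for (int i = 0; list[i] != NULL; i++)
        if (strlen(list[i]) == len && memcmp(list[i], name, len) == 0) return i;
    return -1;
}

/* Append name to out (add != 0) or delete it (add == 0), keeping order and uniqueness. */
static void update(const char **out, const char *name, int add) {
    int i = find(out, name, strlen(name)), n = 0;
    while (out[n] != NULL) n++;
    if (add && i < 0 && n < MAX_ETYPES) { out[n] = name; out[n + 1] = NULL; }
    if (!add && i >= 0) for (; out[i] != NULL; i++) out[i] = out[i + 1];
}

/* Resolve spec left to right into out[MAX_ETYPES + 1]; returns the count, or -1 on an unknown name. */
int resolve_enctypes(const char *spec, const char *const *defaults, const char **out) {
    int n = 0;
    out[0] = NULL;
    for (const char *p = spec + strspn(spec, SEP); *p != '\0'; p += strspn(p, SEP)) {
        int add = (*p != '-');
        if (*p == '+' || *p == '-') p++;
        size_t len = strcspn(p, SEP);
        int k = find(KNOWN, p, len);
        if (len == 7 && memcmp(p, "DEFAULT", 7) == 0)
            for (int i = 0; defaults[i] != NULL; i++) update(out, defaults[i], add);
        else if (k < 0) return -1; /* fail closed: a mistyped exclusion must not pass silently */
        else update(out, KNOWN[k], add);
        p += len;
    }
    while (out[n] != NULL) n++;
    return n;
}

int main(void) {
    const char *out[MAX_ETYPES + 1];
    int n = resolve_enctypes("DEFAULT -arcfour-hmac", NEW_DEFAULTS, out);
    for (int i = 0; i < n; i++) puts(out[i]);
    return resolve_enctypes("DEFAULT +des-cbc-crc", OLD_DEFAULTS, out) < 0;
}
```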