listing encryption types supported by a kdc

by guillomovitch

Hello list.

Is there a way to enumerate all encryption types supported by a kdc ? It
would help creating a nice programmable completion for command-line tools :)
--
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62

Re: listing encryption types supported by a kdc

by Henry B. Hotz

Do you mean:

1) supported for a specific principal entry?  (could probe with  
kgetcred)
2) support configured in deployment?  ([kadmin] default_keys entry)
3) supportable by the compiled libraries?  (usually in the man pages  
somewhere)

On Jul 16, 2008, at 7:51 AM, Guillaume Rousse wrote:

> Hello list.
>
> Is there a way to enumerate all encryption types supported by a  
> kdc ? It would help creating a nice programmable completion for  
> command-line tools :)
> --
> Guillaume Rousse
> Moyens Informatiques - INRIA Futurs
> Tel: 01 69 35 69 62

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@..., or hbhotz@...




Re: listing encryption types supported by a kdc

by guillomovitch

Henry B. Hotz wrote:
> Do you mean:
>
> 1) supported for a specific principal entry?  (could probe with kgetcred)
> 2) support configured in deployment?  ([kadmin] default_keys entry)
> 3) supportable by the compiled libraries?  (usually in the man pages
> somewhere)
That's just for intelligent command line completion, so 3 would be
enough already, but I can't find the correct man page (grepping arcfour
through /usr/share/man/man3/ didn't return anything).

Retrieving 2 dynamically from command line would be even better
(something as kadmin --get-encodings, for instance).
--
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62

Re: listing encryption types supported by a kdc

by Henry B. Hotz


On Jul 17, 2008, at 1:55 AM, Guillaume Rousse wrote:

> Henry B. Hotz wrote:
>> Do you mean:
>> 1) supported for a specific principal entry?  (could probe with
>> kgetcred)
>> 2) support configured in deployment?  ([kadmin] default_keys entry)
>> 3) supportable by the compiled libraries?  (usually in the man
>> pages somewhere)
> That's just for intelligent command line completion, so 3 would be
> enough already, but I can't find the correct man page (grepping
> arcfour through /usr/share/man/man3/ didn't return anything).
>
> Retrieving 2 dynamically from command line would be even better  
> (something as kadmin --get-encodings, for instance).

Well, if it helps for 3):

0.6 des-cbc-crc, des-cbc-md4, des-cbc-md5, des3-cbc-sha1
0.6.later above + arcfour-hmac-md5  (not sure the exact 0.6 subversion)
0.7+ above + aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@..., or hbhotz@...




Re: listing encryption types supported by a kdc

by Henry B. Hotz


On Jul 17, 2008, at 9:07 AM, Henry B. Hotz wrote:

>
> On Jul 17, 2008, at 1:55 AM, Guillaume Rousse wrote:
>
>> Henry B. Hotz wrote:
>>> Do you mean:
>>> 1) supported for a specific principal entry?  (could probe with
>>> kgetcred)
>>> 2) support configured in deployment?  ([kadmin] default_keys entry)
>>> 3) supportable by the compiled libraries?  (usually in the man
>>> pages somewhere)
>> That's just for intelligent command line completion, so 3 would be
>> enough already, but I can't find the correct man page (grepping
>> arcfour through /usr/share/man/man3/ didn't return anything).
>>
>> Retrieving 2 dynamically from command line would be even better
>> (something as kadmin --get-encodings, for instance).
>
> Well, if it helps for 3):
>
> 0.6 des-cbc-crc, des-cbc-md4, des-cbc-md5, des3-cbc-sha1
> 0.6.later above + arcfour-hmac-md5  (not sure the exact 0.6  
> subversion)
> 0.7+ above + aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96

Well, if you're feeling ambitious, but don't want to modify the kadmin  
protocol, and can assume that the user has kadmin rights, then:  you  
could create a new dummy principal, probe it with kgetcred to see what  
enctypes it included, and then delete it.  That would get you 2).

I don't actually recommend that.  ;-)

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@..., or hbhotz@...




Re: listing encryption types supported by a kdc

by MaheshU

Hi,

I am also looking at getting the encryption types supported by kdc. So, please elaborate on how this can be done programmatically.

Thanks


Henry B. Hotz wrote:
On Jul 17, 2008, at 9:07 AM, Henry B. Hotz wrote:

>
> On Jul 17, 2008, at 1:55 AM, Guillaume Rousse wrote:
>
>> Henry B. Hotz wrote:
>>> Do you mean:
>>> 1) supported for a specific principal entry?  (could probe with
>>> kgetcred)
>>> 2) support configured in deployment?  ([kadmin] default_keys entry)
>>> 3) supportable by the compiled libraries?  (usually in the man
>>> pages somewhere)
>> That's just for intelligent command line completion, so 3 would be
>> enough already, but I can't find the correct man page (grepping
>> arcfour through /usr/share/man/man3/ didn't return anything).
>>
>> Retrieving 2 dynamically from command line would be even better
>> (something as kadmin --get-encodings, for instance).
>
> Well, if it helps for 3):
>
> 0.6 des-cbc-crc, des-cbc-md4, des-cbc-md5, des3-cbc-sha1
> 0.6.later above + arcfour-hmac-md5  (not sure the exact 0.6  
> subversion)
> 0.7+ above + aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96

Well, if you're feeling ambitious, but don't want to modify the kadmin  
protocol, and can assume that the user has kadmin rights, then:  you  
could create a new dummy principal, probe it with kgetcred to see what  
enctypes it included, and then delete it.  That would get you 2).

I don't actually recommend that.  ;-)

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
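
Option 1 in the thread (probing a principal with kgetcred) can be scripted by reading back the enctype of each ticket that was issued. This is an added example, not code from the thread or from Heimdal: it assumes `klist -v` prints a `Server:` line and a `Ticket etype: <name>, kvno <n>` line per ticket, the function names are hypothetical, and the sample input is constructed.

```sh
#!/bin/sh
# Added example: report the enctype of every ticket in `klist -v` style output
# and mark the enctypes that are deprecated for Kerberos use.

# Constructed sample, modelled on the assumed `klist -v` layout
# ("Server:" line, then "Ticket etype: <name>, kvno <n>").
sample_klist() {
cat <<'EOF'
Server: krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
Client: alice@EXAMPLE.ORG
Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
Server: host/old.example.org@EXAMPLE.ORG
Client: alice@EXAMPLE.ORG
Ticket etype: des-cbc-crc, kvno 3
Server: HTTP/www.example.org@EXAMPLE.ORG
Client: alice@EXAMPLE.ORG
Ticket etype: arcfour-hmac-md5, kvno 2
EOF
}

# Read klist -v text on stdin; print "<server> <etype> <ok|deprecated>" per ticket.
# Single DES (RFC 6649), 3DES and RC4 (RFC 8429) are reported as deprecated.
ticket_etypes() {
    awk '
        /^Server:/ { server = $2 }
        /^Ticket etype:/ {
            etype = $3
            sub(/,$/, "", etype)   # drop the comma before "kvno", if present
            verdict = (etype ~ /^(des|arcfour)/) ? "deprecated" : "ok"
            print server, etype, verdict
        }'
}

# Distinct enctypes seen, one per line (usable as a completion word list).
seen_etypes() {
    ticket_etypes | awk '{ print $2 }' | sort -u
}

# Typical use against a live cache (service name is a placeholder):
#   kgetcred host/server.example.org@EXAMPLE.ORG && klist -v | ticket_etypes
```

This only shows what the KDC actually issued for the services probed, so it answers question 1 per principal rather than listing everything the deployment is configured for.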