[Freeipa-users] Strange klist output
John Dennis
jdennis at redhat.com
Sat Feb 25 16:35:27 UTC 2012
On 02/25/2012 09:40 AM, Simo Sorce wrote:
>> Why do we now have all these enctypes? Is it to satify forwarding/proxy
>> when you don't know a prori which enctype the foreign endpoint will require?
>
> Because in kerberos each principal can have multiple keys, generally one
> per supported (by the KDC) enctype. This is so that a client can use the
> strongest enctype it has crypto support for.
Sure, that makes sense. But this is new behavior, what changed?
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list