Changing encryption values on Kerberos server

 

To operate with Windows® workstations, the Kerberos server default encryption settings need to be changed so that clients can be authenticated to the i5/OS® PASE Kerberos server. To change the default encryption settings, you need to edit the kdc.conf file located in the/etc/krb5 directory by following these steps:

  1. In a character-based interface, enter edtf '/var/krb5/krb5kdc/kdc.conf' to access the kdc.conf file.

  2. Change the following lines in the kdc.conf file: 
    supported_enctypes = des3-cbc-sha1:normal 
arcfour-hmac:normal aes256-cts:normal 
des-cbc-md5:normal des-cbc-crc:normal
    to 
    supported_enctypes = des-cbc-crc:normal des-cbc-md5:normal

 

Parent topic:

Configuring a Kerberos server in i5/OS PASE
Next topic: Stopping and restarting the Kerberos server