Changing encryption values on i5/OS PASE Kerberos server

 

To operate with Windows® workstations, you need to change the Kerberos server default encryption settings so that clients can be authenticated to the i5/OS® PASE Kerberos server. To change the default encryption settings, you need to edit the kdc.conf file located in the /var/krb5/krb5kdc directory by following these steps:

  1. In a character-based interface, enter edtf '/var/krb5/krb5kdc/kdc.conf' to access the kdc.conf file.

  2. Change the following lines in the kdc.conf file: 
    supported_enctypes = des3-cbc-sha1:normal 
arcfour-hmac:normal aes256-cts:normal 
des-cbc-md5:normal des-cbc-crc:normal
    to 
    supported_enctypes = des-cbc-crc:normal des-cbc-md5:normal

 

Parent topic:

Scenario: Setting up cross-realm trust
Previous topic: Creating a cross-realm trust principal on the i5/OS PASE Kerberos server
Next topic: Configuring the Windows 2000 server to trust SHIPDEPT.MYCO.COM