Kerberos Mechanism - Supported MAX_SSF
Sorabh Hamirwasia
shamirwasia at mapr.com
Wed Feb 8 20:32:18 EST 2017
Hi,
It looks to me (from [1]) that we only support max_ssf of 56 (i.e. DES-56) with GSSAPI implementation of Kerberos in Cyrus SASL. Can someone please confirm on this ? I am looking for AES 256 bit encryption with Kerberos mechanism. If that's not supported is there any plan for supporting it ? Please advice.
[1]https://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt
The realm in svnserve.conf is your Kerberos authentation realm, e.g. "EXAMPLE.COM". Cyrus's GSSAPI implementation does not support encryption, except for very basic 56-bit DES. If you leave the encrypt settings out of your svnserve.conf entirely, you're fine; just don't set max-encryption higher than 56.
Thanks,
Sorabh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20170209/8342c0f8/attachment.html>
More information about the Cyrus-sasl
mailing list