Linux in AD: Supported enctypes for Windows 2003 AD

Question

In the MIT Kerberos implementation that comes with most Linux distributions, I can define what encryption type I want to use for ticket requests. I am not a Windows guy, but apparently, Kerberos as a whole offers a lot of options here and Windows AD only offers a subset of these.

Does anyone know the enctypes a current Windows 2003 Enterprise domain controller would accept and provide? I don't seem to be able to find a definitive list of this.

Update: I have been able distill that Windows does not support 3DES. And even though MS TechNet says Unix clients generally do not support RC4, even my RHEL3 clients do so nicely.

score 2 · Accepted Answer · answered Jun 26 '09 at 10:52

2

From technet : Logon and authentication

Encryption Algorithm Key Length

RC4-HMAC 128

DES-CBC-CRC 56

DES-CBC-MD5 56

This isn't specifically about the ticket requests, however I suppose these are the algorithms used for these too.

answered Jun 26 '09 at 10:52

wazoox

6,782
4
30
62

score 1 · Answer 2 · answered Jun 26 '09 at 11:28

1

Wazoox is correct. Default I believe is using MD5.

answered Jun 26 '09 at 11:28

huntjp123

21
2

1

I'm pretty sure my Linux clients get ArcFour tickets and not DES. I would drop AD for our authentication like a hot potato if it would feed me DES all the time ;-) – wzzrd Jun 26 '09 at 12:01

Linux in AD: Supported enctypes for Windows 2003 AD

2 Answers2