This procedure completely disables the use of the arcfour-hmac and des3-cbc-sha1 encryption types.
Caution - This procedure breaks interoperability for deployments that join Oracle Solaris systems to domains and forests that are using weaker encryption. |
Modify the permitted encryption types in the [libdefaults] section of the krb5.conf file.
kdc # cd /etc/krb5 kdc # pfedit krb5.conf [libdefaults] ... permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
Modify the default encryption types in the [libdefaults] section of the krb5.conf file.
Kerberos-client # cd /etc/krb5 Kerberos-client # pfedit krb5.conf [libdefaults] ... default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96