Encryption Types

Kerberos supports several types of encryption for securing session keys and the tickets. The type used for a particular ticket or session key is automatically negotiated when you request a ticket or a service.

• When encrypting tickets, the Key Distribution Center (KDC) for your Kerberos installation checks for an encryption type that is shared by both the KDC and the service you are attempting to use.
• When encrypting session keys, the KDC checks for an encryption type shared by the KDC, the service, and the client requesting the session (you).

Weak Encryption Types

In the table of Encryption Types below, some encryption types are noted as weak. Most of them are encryption types that used to be strong but now, with more computing power available, are considered weak and therefore undesirable. However, they are still sometimes used for backwards compatibility. If Kerberos is installed in a network that contains some older machines running operating systems that do not support the newer encryption types, administrators can choose to allow the weaker encryption when connecting to the older machines.

Back to Top

View Encryption Types

1. Click the Options tab and find the View Options panel.
2. Click the Encryption Type checkbox to select it. This opens the Encryption Type column in the main window, showing the encryption type associated with each of your tickets and session keys.
   How to: Use Ticket Options Panel
3. Click and drag the line to the right of the Encryption Type column header to widen the column enough to see both the ticket and session key.
4. Click the blue triangle to the left of a principal name to see all tickets and session keys issued to that principal. Each ticket and key will have an entry in the Encryption type column.
   How to: View Tickets

Back to Top

Supported Encryption Types

Back to Top

Related Help

• View tickets
• Kerberos Terminology: Tickets