| Encryption types | Specification | Active Directory version | Authentication Services version |
|---|---|---|---|
| KERB_ENCTYPE_DES_CBC_CRC | |||
| CRC32 | RFC 3961 | All | All |
| KERB_ENCTYPE_DES_CBC_MD5 | |||
| RSA-MD5 | RFC 3961 | All | All |
| KERB_ENCTYPE_RC4_HMAC_MD5 | |||
| RC4-HMAC-MD5 | RFC 4757 | All | All |
| KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 | |||
| HMAC-SHA1-96-AES128 | RFC 3961 | Windows Server 2008 + | 3.3.2+ |
| KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 | |||
| HMAC-SHA1-96-AES256 | RFC 3961 | Windows Server 2008 + | 3.3.2+ |
you can modify the currently used encryption types in vas.conf by using the following command line:
# /opt/quest/bin/vastool configure vas libdefaults default_etypes "list-of-enctypes"
Be sure to include the enctypes that you want above, and do not use "list-of-enctypes". If you do, it will change the value in vas.conf to this:
[libdefaults]
default_etypes = "list-of-enctypes"
Example enabling RC4 and AES:
# /opt/quest/bin/vastool configure vas libdefaults default_etypes aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
Changes are immediate, and the vasd process does not need a restart.