Skip to main content

Scheduled Service Change: Enabling AES on Prod MIT KDC

Last Updated:
2011-09-15 00:00:00
Event:
2011-09-18 00:00:00
Status:
Closed
Brief Description:
User Impact:
Authentication requests will be handled by the backup KDC and hence there will be no outage for Authentication. Netid change password and netid creations will not work for the 2 sec outage.\n\nThe Cuweblogin change will have no outage.\n
Workaround:
There is no workaround for this issue
Current Status:
N/A
Services Affected:
Full Description:
We are enabling AES encryption type in the production MIT Kerberos so that cross realm authentication continues to work against production Active directory on windows 2008 R2.\n\nThis requires a restart of the KDC service. Restart takes less than 2 secs\n\nThis also requires a change in the krb5.conf file on CUWeblogin so that GuestID authentication continues to work.