Adding encryption settings

You can select the encryption types for ticket-granting tickets (TGT) and ticket-granting service (TGS).

Encryption hides data that flows across a network by making it unidentifiable. A client encrypts data and the server decrypts it. To ensure that encryption works correctly, you must use the same encryption type that is specified on the Kerberos server or the other communicating application. If these encryption types do not match, encryption fails. You can add encryption values for both TGT and TGS.
Note: The default encryption values for the TGT and TGS are des-cbc-crc and des-cbc-md5. During configuration, default encryption values are set. You can add other encryption values for tickets to the configuration by completing these steps:
  1. In System i® Navigator, expand your system > Security.
  2. Right-click Network Authentication Service and select Properties.
  3. On the Tickets page, select the encryption value from either the Ticket Granting Ticket or the Ticket Granting Service list of available encryption types.
  4. Click either Add Before or Add After to add the encryption type to the list of selected encryption types. Each of these selected encryption types will be attempted in the order they are listed. If one encryption type fails, the next one in the list will be attempted.
  5. Click OK.
Parent topic: Managing network authentication service