[libdefaults]
settings in krb5.conf willaffect how enctypes are chosen.enctype | weak? | krb5 | Windows |
---|---|---|---|
des-cbc-crc | weak | <1.18 | >=2000 |
des-cbc-md4 | weak | <1.18 | ? |
des-cbc-md5 | weak | <1.18 | >=2000 |
des3-cbc-sha1 | >=1.1 | none | |
arcfour-hmac | >=1.3 | >=2000 | |
arcfour-hmac-exp | weak | >=1.3 | >=2000 |
aes128-cts-hmac-sha1-96 | >=1.3 | >=Vista | |
aes256-cts-hmac-sha1-96 | >=1.3 | >=Vista | |
aes128-cts-hmac-sha256-128 | >=1.15 | none | |
aes256-cts-hmac-sha384-192 | >=1.15 | none | |
camellia128-cts-cmac | >=1.9 | none | |
camellia256-cts-cmac | >=1.9 | none |
Parameter | Description |
---|---|
-lh | Denotes the high part of the user's locally unique identifier (LUID), expressed in hexadecimal. If neither –lh or –li are present, the command defaults to the LUID of the user who is currently signed in. |
-li | Denotes the low part of the user's locally unique identifier (LUID), expressed in hexadecimal. If neither –lh or –li are present, the command defaults to the LUID of the user who is currently signed in. |
tickets | Lists the currently cached ticket-granting-tickets (TGTs), and service tickets of the specified logon session. This is the default option. |
tgt | Displays the initial Kerberos TGT. |
purge | Allows you to delete all the tickets of the specified logon session. |
sessions | Displays a list of logon sessions on this computer. |
kcd_cache | Displays the Kerberos constrained delegation cache information. |
get | Allows you to request a ticket to the target computer specified by the service principal name (SPN). |
add_bind | Allows you to specify a preferred domain controller for Kerberos authentication. |
query_bind | Displays a list of cached preferred domain controllers for each domain that Kerberos has contacted. |
purge_bind | Removes the cached preferred domain controllers for the domains specified. |
kdcoptions | Displays the Key Distribution Center (KDC) options specified in RFC 4120. |
/? | Displays Help for this command. |