Jump to content

does spotfire support multiple algorithm in keytab ?

Chunlai Tao

Recommended Posts

Yes, It is possible to use multiple crypto algorithms. The simplest way is to use Crypto parameter with the value "all" and define the encryption types in krb5.conf file. Below is the example of ktpass command to create the Keytab and krb5.conf file.

Command to create Keytab

ktpass /princ HTTP/spotfireserver.test.com@TEST.COM /ptype krb5_nt_principal /

crypto all /out spotfire-database.keytab  -kvno 0 /pass Passw0rd


default_tkt_enctypes = aes128-cts,aes256-cts

default_tgs_enctypes = aes128-cts,aes256-cts

Also make a note that The des3-hmac-sha1 and rc4-hmac Kerberos encryption types (etypes) are now deprecated and disabled by default in Java 17.


Link to comment
Share on other sites

  • 1 month later...

HI Amresh

first thank you for your reply, hope everything is going well, i found this word from Tibco 10.10 website


it says: crypto algorithmCan be one of  aes128-sha1 or aes256-sha1. Make sure that the selected crypto algorithm is also specified in the krb5.conf file.

why it does not have "all" option? if all is working, what is "Key Type" value while run klist.exe -e spotfire.keytab ?

thank you for you help


Link to comment
Share on other sites

Hello @Chunlai Tao​ 

You can refer to the Microsoft document which says "All" can be used for "Crypto" parameter. "All" States that all supported cryptographic types can be used.


For example, if you have used AES128 and AES256 encryption types in krb5.conf the Kerberos ticket will be issued by negotiating on any one of the encryption algorithms.

ktpass -e will show you which encryption type was used for generating the credential cache.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...