AES256 for SSO keytab

Former Member
0 Kudos

I have set up silent SSO for Crystal Reports Server 2013 (essentially the same as BI 4.1) on Windows Server 2008 and it is working using the wedgetail parameter in the Java options in Tomcat, and the following lines in the krb5.ini file:

default_tgs_enctypes = rc4-hmac

default_tkt_enctypes = rc4-hmac

The next step is to take the password out of the Java parameters and set up a keytab file, but the installation standard is to use AES 256 encryption. 

My questions are:
1. Is it possible to use AES encryption? I know it was not supported in the past, and
2. If AES can be used, what are the substitutions needed in krb5.ini and the ktpass command? (The ktpass command has a -crypto parameter with a value of AES256-SHA1 that I assume would be the one I need).



Accepted Solutions (0)

Answers (1)


Former Member
0 Kudos

Hello,

I think that using AES encryption is not actually directly related to the BI Business Objects version used, but to the domain controller system version used for BO AD authentication, as explained in the Cause section of KBA 1198748 - Active Directory (AD) authentication is not enabled even though it is configured for Java InfoView

Thanks and Regards,

Akram.

Former Member
0 Kudos

Thank you Akram; I get "Document is not released" after logging in to the support portal.

patelyogesh
Active Contributor
0 Kudos

Hello Charles,

You can look at my document located at :

Regards,

Yogesh

charles_ditrani3
Explorer
0 Kudos

Thanks for sharing that, Yogesh. That will come in handy when it comes time to implement SSO.

patelyogesh
Active Contributor
0 Kudos

Hello Charles,

You are very welcome.

If you are able to fix your issue, please close this question by marking the right answer so other community members can use the answer.

Thank you

Yogesh

charles_ditrani3
Explorer
0 Kudos

Sorry, I'm not seeing any way to mark that as the right answer - that post was created over 2 years ago with a different account. Maybe a moderator can mark it...