Add support for sha-2 and sha3 in Supported Kerberos Encryption Types

Copper Contributor

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/decrypting-the-selection-of-...

 

https://web.mit.edu/kerberos/krb5-devel/doc/admin/enctypes.html#enctype-compatibility

 

It seems like `aes128-cts-hmac-sha256-128` and `aes256-cts-hmac-sha384-192` are supported by other Kerberos implimentations, but not yet supported by Windows Server.

 

Can those be added to Windows Server?

 

Also can you please think about adding sha-3 based ones too?

1 Reply
aes128-cts-hmac-sha256-128 and aes256-cts-hmac-sha384-192 is coming with Windows Server 2025.
https://learn.microsoft.com/en-us/windows-server/get-started/whats-new-windows-server-2025