HP XP P9000 Command View Advanced Edition Suite Software 7.6.1-00 Administrator Guide
hcmdsradiussecret -set "secret01\\" -name ServerName
Encryption types for Kerberos authentication
Configure the Kerberos server so that the encryption types supported by P9000 Command View AE
Suite products can be used.
In P9000 Command View AE Suite products, the encryption types listed below can be used for
Kerberos authentication.
If the management server OS is Windows:
• AES256-CTS-HMAC-SHA1-96
• AES128-CTS-HMAC-SHA1-96
• RC4-HMAC
• DES3-CBC-SHA1
• DES-CBC-CRC
• DES-CBC-MD5
If the management server OS is Linux:
• AES128-CTS-HMAC-SHA1-96
• RC4-HMAC
• DES3-CBC-SHA1
• DES-CBC-CRC
• DES-CBC-MD5
Note that, if the OS of the external authentication server is Windows Server 2008, Windows Server
2008 R2, or Windows Server 2012 and the environment meets both of the following conditions, user
authentication might not work properly:
• The domain functional level on the external authentication server is set to Windows Server 2003
or Windows 2000.
• The OS of the management server supports AES128-CTS encryption.
For example, even if the domain functional level of Active Directory is set to Windows Server 2003
or Windows 2000, in either of the following cases, the corresponding user cannot be authenticated
via Active Directory:
• A user existing before an Active Directory system was built is migrated to the Active Directory
system, which has a domain functional level of Windows Server 2003, and then the user's password
is changed.
• An Active Directory system built in Windows Server 2003 is migrated to an Active Directory system
built in Windows Server 2008 or Windows Server 2012 with a domain functional level of Windows
Server 2003, and then a user's password is changed.
In this case, change the default_tkt_enctypes property setting in the exauth.properties
file as follows:
auth.kerberos.default_tkt_enctypes=rc4-hmac
Administrator Guide 157