Can DES encryption for Kerberos-based communication be disabled on a CIFS server?
Applies to
- ONTAP 9
- CIFS
- Kerberos
- Data Encryption Standard (DES)
- Domain Controller (DC)
Answer
- Yes, this is possible, depending on the ONTAP 9 version
- Look at RFE 1438811 (configure CIFS Kerberos permitted encryption types)
- Can I disable RC4 encryption for Kerberos-based communication
Additional Information
- ONTAP Requirements for CIFS Kerberos
- Configure strong security for Kerberos-based communication by using AES encryption
- What Kerberos Encryption Types are supported with NAS protocols for ONTAP 9?
- Manage SMB server security settings ONTAP 9
- Can I disable RC4 for AES encryption for Kerberos-based communication?
- CIFS password change fails silently leading to secd: secd.kerberos.preauth:error after Microsoft April 2022 Hotfixes
- Command "cifs domain password schedule" fails with "secd.kerberos.preauth"