Is Layer7 compatible with the keytab encryption aes256-cts-hmac-sha384-192?
A keytab with the encryption aes256-cts-hmac-sha384-192 and aes256-cts-hmac-sha1-96 was created with the same command but only the encryption aes256-cts-hmac-sha384-192 failed authentication in Layer7. Our Kerberos team prefers aes256-cts-hmac-sha384-192 but it isn’t required.
API Gateway 11.X
1. Edit the krb5.conf file: nano /opt/SecureSpan/Gateway/node/default/var/krb5.conf
2. Edit the krb5.conf file to include the expected/desired encryption type such as aes256-cts-hmac-sha384-192. Be sure to replace that example with whatever encryption type is needed.
[libdefaults]
default_realm = <default_realm>
default_tkt_enctypes = aes256-cts-hmac-sha384-192,rc4-hmac,des-cbc-md5
3. Validate the Kerberos communication in Policy Manager after making the above change.