< Home

ad-server cipher-suite

Function

The ad-server cipher-suite command configures the cipher suite used for interaction between the device and the Kerberos server integrated in an AD server.

The undo ad-server cipher-suite command restores the default configuration.

By default, the cipher suite used for interaction between the device and the Kerberos server integrated in an AD server is aes256-hmac-sha1.

Format

ad-server cipher-suite { aes256-hmac-sha1 | rc4-hmac-md5 }

undo ad-server cipher-suite

Parameters

Parameter Description Value

aes256-hmac-sha1

Sets the cipher suite to aes256-hmac-sha1.

-

rc4-hmac-md5

Sets the cipher suite to rc4-hmac-md5.

-

Views

AD server template view

Default Level

3: Management level

Usage Guidelines

To ensure high security, you are advised to set the cipher suite to aes256-hmac-sha1.

If the cipher suite aes256-hmac-sha1 is specified, user names on the AD server are case-sensitive. If the cipher suite rc4-hmac-md5 is specified, user names on the AD server are case-insensitive.

Example

# Set the cipher suite used for interaction between the device and the Kerberos server integrated in an AD server to aes256-hmac-sha1.

<sysname> system-view
[sysname] ad-server template temp1
[sysname-ad-temp1] ad-server cipher-suite aes256-hmac-sha1
Parent Topic: AD Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >