Properties vs. Preferences for encrypted values

I have an application with a number of properties that I would like to keep relatively hidden from end users. It's nothing serious like passwords or account numbers, but just the same, we'd rather not have users tampering with them. This includes things like color schemes, fonts, etc.
The Preferences API looks great, but since it's designed with platform-independence in mind, I don't have as much control over how the data is stored. In my case, I'd like to keep the information in an encrypted store. It seems that unless I want to encrypt each individual key/value pair, the Preferences API will not allow me to do this. Would it be better to go with the old Properties API? Or is there a way I can force Preferences to read/write to a file and still get the benefit of type specific get/put methods?
Thanks in advance for any advice.

It seems to me that it doesn't matter which you use; what matters is what you're storing. If the requirement is merely obfuscation to discourage uninformed tampering, then you could e.g. store IP addresses as four bytes instead of a string and label it with some sort of serial number instead of its actual name, which renders it non-obvious what the data is, and if you can't tell what the data is, then no one in their right mind is going to attempt to edit it. As an example, look at this entry from my registry:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{3F4DC8E2-4050-11D3-8F4B-00C04F7971E2}\##?#SW#{D84D449B-62FB-4EBB-B969-5183ED3DFB51}#GLOBAL#{3f4dc8e2-4050-11d3-8f4b-00c04f7971e2}]
"DeviceInstance"="SW\\{D84D449B-62FB-4EBB-B969-5183ED3DFB51}\\GLOBAL"
WTF is it? I have no idea. I'm sure it's not encrypted though, merely not stored in a human-readable fashion.
This has the benefit that you, the developer, can still edit entries, since you can decipher what they are, which might be extremely hard if they were encrypted instead.
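For the encrypted-store option the question asks about, the following added example (not code from the thread) keeps a `Properties` object in a single AES-GCM encrypted file, so that any edit to the file is detected on load. The class name, property keys and the embedded secret are hypothetical; a secret shipped inside the application can be recovered by anyone who inspects it, so this deters casual edits rather than protecting confidential data.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Properties;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class SealedProperties {
    private static final int SALT_LEN = 16;
    private static final int IV_LEN = 12;
    private static final int TAG_BITS = 128;

    // Derive an AES-256 key from the application secret and a per-file salt.
    static SecretKey deriveKey(char[] secret, byte[] salt) throws Exception {
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        byte[] k = f.generateSecret(new PBEKeySpec(secret, salt, 100_000, 256)).getEncoded();
        return new SecretKeySpec(k, "AES");
    }

    // File layout: salt (16 bytes) | IV (12 bytes) | ciphertext with GCM tag.
    static void save(Properties props, Path file, char[] secret) throws Exception {
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        props.store(plain, null);
        SecureRandom rnd = new SecureRandom();
        byte[] salt = new byte[SALT_LEN];
        byte[] iv = new byte[IV_LEN];
        rnd.nextBytes(salt);
        rnd.nextBytes(iv);   // a fresh IV for every save
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(secret, salt), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.toByteArray());
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(salt);
        out.write(iv);
        out.write(ct);
        Files.write(file, out.toByteArray());
    }

    // Throws AEADBadTagException if the file was modified or the secret is wrong.
    static Properties load(Path file, char[] secret) throws Exception {
        byte[] all = Files.readAllBytes(file);
        int header = SALT_LEN + IV_LEN;
        if (all.length < header + TAG_BITS / 8) {
            throw new IOException("file too short to be a sealed properties file");
        }
        byte[] salt = Arrays.copyOfRange(all, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(all, SALT_LEN, header);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(secret, salt), new GCMParameterSpec(TAG_BITS, iv));
        byte[] plain = c.doFinal(all, header, all.length - header);
        Properties props = new Properties();
        props.load(new ByteArrayInputStream(plain));
        return props;
    }

    public static void main(String[] args) throws Exception {
        char[] secret = "constructed-app-secret".toCharArray(); // hypothetical embedded secret
        Properties props = new Properties();
        props.setProperty("ui.colorScheme", "dark");            // constructed sample values
        props.setProperty("ui.fontSize", "12");

        Path file = Files.createTempFile("prefs", ".bin");
        save(props, file, secret);

        Properties back = load(file, secret);
        int fontSize = Integer.parseInt(back.getProperty("ui.fontSize"));
        System.out.println("scheme=" + back.getProperty("ui.colorScheme") + " fontSize=" + fontSize);

        // Simulate a user editing the file: flip one bit and try to load it again.
        byte[] raw = Files.readAllBytes(file);
        raw[raw.length - 1] ^= 0x01;
        Files.write(file, raw);
        try {
            load(file, secret);
            System.out.println("modification was not detected");
        } catch (AEADBadTagException e) {
            System.out.println("modification detected, falling back to defaults");
        }
        Files.delete(file);
    }
}
```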

Similar Messages

  • Setting preferences for hyperlink display properties

    I want all new hyperlinks created by InDesign and InCopy users at my site to have a certain set of properties. I want them to be sort of orange, with a thin dotted line around them. This is not so that they can be exported to pdf with buttons, but just so that we can preserve links in text for a print paper which is later going to be exported to the web, and I have a script that expands them into html at that point.
    But I can't seem to find any preference that I can set that will allow me to set default display options for all hyperlinks newly created by users.  Hyperlinks used to show up automatically as black rectangles for us, and now they show up invisible. So because I have personally witnessed some change in the default behavior, I feel sure there must be a preference I can set somewhere. But it's possible that was just the switchover from standard behavior in CS4 to standard behavior in CS5.
    Any ideas?

    Sorry but no. There are no viewing preferences for the iTunes Store.

  • Different values for encryption and Decryption ...

    The following program takes a string as input ...
    it uses the triple DES algorithm for encryption/decryption...
    The ciphertext is converted into a hex-character string by the following process..
    1. first the ciphertext is converted into byte format ..
    2. Then each byte is converted into two hex characters ..
    3. a string is formed by appending all the hex characters.
    When converting this hex-character string back into the original ciphertext
    I am not getting the same byte string ... please check and do let me know if you find any mistake..
    BUT THE FINAL DECRYPTION IS WORKING GOOD (I.E. I GOT THE ORIGINAL INPUT STRING AFTER DECRYPTION ... BUT THE CIPHERTEXT IS NOT THE SAME ..)
    import java.security.*;
    import javax.crypto.*;
    import java.io.*;
    public class endecryptor
    {
        public static void main( String [] args ) throws Exception
        {
            if ( args.length != 1 )
            {
                System.err.println("Usage: java SimpleExample text" );
                System.exit(1);
            }
            endecryptor d = new endecryptor();
            String text = args[0].trim();
            System.out.println("Generating a DESede (TripleDES) key ... " );
            // The SunJCE provider is registered by default, so no explicit
            // Security.addProvider(...) call is needed here.
            //create a triple DES key
            KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
            keyGenerator.init(168); //initialize with the keysize
            Key key = keyGenerator.generateKey();
            System.out.println("Key Algorithm :"+key.getAlgorithm());
            System.out.println("Key Algorithm :"+key);
            System.out.println( "Done generating the key." );
            //create a cipher using a key to initialize it
            Cipher cipher = Cipher.getInstance( "DESede/ECB/PKCS5Padding" );
            cipher.init( Cipher.ENCRYPT_MODE, key );
            byte[] plaintext = text.getBytes( "UTF8" );
            //print out the bytes of the plaintext
            System.out.println( "\nPlaintext: "+plaintext);
            //perform the actual encryption
            byte[] ciphertext = cipher.doFinal( plaintext);
            //print out the ciphertext
            System.out.println( "\n\nCiphertext: "+ciphertext );
            System.out.println("Converting the cyphertext into hexachar ...");
            String hexcharString = d.bytes2Hex(ciphertext);
            System.out.println("hexcharString::"+hexcharString);
            //convert the hex string back into ciphertext bytes
            byte[] tempCipherText = d.decryptorOfHexcharString(hexcharString);
            System.out.println( "after decryptor (for decrypting the hexchar) function ....");
            System.out.println("Temp Ciphertext ::"+ tempCipherText);
            System.out.println( "\n\nCiphertext: "+ciphertext );
            System.out.println("Decrypting the string ...");
            //re initialize the cipher to decrypt mode
            cipher.init( Cipher.DECRYPT_MODE, key );
            //perform the decryption
            //byte[] decryptedText = cipher.doFinal( ciphertext );
            byte[] decryptedText = cipher.doFinal( tempCipherText );
            String output = new String( decryptedText, "UTF8" );
            System.out.println( "\n\nDecrypted Text:" + output );
        }
        public String bytes2Hex(byte[] raw) {
            // here is the code to convert a byte array to hex rep
            int higherbyte; // higher bits in the byte
            int lowerbyte; // the lower bits in the byte
            StringBuffer sb = new StringBuffer();
            int i;
            for (i = 0; i < raw.length; i++) {
                lowerbyte = (raw[i] & 0xf);
                higherbyte = (raw[i] >>> 4) & 0xf;
                sb.append(oneByte2HexChar(higherbyte));
                sb.append(oneByte2HexChar(lowerbyte));
            }
            return sb.toString();
        } // end method bytes2Hex
        public char oneByte2HexChar (int fourbits) {
            // converts byte lower bits to hex char
            if (fourbits < 10) { return (char)('0' + fourbits); }
            return (char) ('a' + (fourbits - 10)) ;
        } // end method oneByte2HexChar
        public byte[] decryptorOfHexcharString(String hexcharStr)
        {
            int checker=0;
            char ch1,ch2;
            byte tempbyte1,tempbyte2,resultbyte;
            int k=0,stringlength;
            boolean lengthChecker;
            int len = hexcharStr.length();
            // round up so that an odd-length string does not overflow the array
            byte[] tempCipher = new byte[(len+1)/2];
            System.out.println("length of the hex string:"+len);
            stringlength = hexcharStr.length();
            if(stringlength%2 == 0)
                lengthChecker = true;
            else
                lengthChecker = false;
            for(int i=0;i<stringlength;)
            {
                // high nibble
                ch1 = hexcharStr.charAt(i);
                tempbyte1 = (byte) getIntValue(ch1);
                tempbyte1 = (byte) (tempbyte1 << 4);
                // low nibble (0 if the string ends after an unpaired character)
                if(i == stringlength-1)
                {
                    if(lengthChecker)
                    {
                        ch2 = hexcharStr.charAt(i+1);
                        tempbyte2 = (byte) getIntValue(ch2);
                    }
                    else
                        tempbyte2 = 0;
                }
                else
                {
                    ch2 = hexcharStr.charAt(i+1);
                    tempbyte2 = (byte) getIntValue(ch2);
                }
                resultbyte = (byte) (tempbyte1 | tempbyte2);
                tempCipher[k++] = resultbyte;
                i += 2;
            }
            return tempCipher;
        }
        public int getIntValue(char character)
        {
            // expects the lowercase hex digits produced by bytes2Hex
            int val;
            if(Character.isDigit(character))
                val = ((int) character ) - '0';
            else
                val = ((int) character) + 10 - 'a';
            return val;
        }
    }

    Dude - the only problem I can see is when you do stuff like this: System.out.println("\nPlaintext: " + plaintext); That does NOT "print the bytes of" plaintext[]; it just spits out the array's hashcode. Two arrays where that value is different are just two different array variables - says nothing about the content of those arrays.
    Do your byte2hex trick on each ciphertext, and they'll be the same.
    One final thing - please learn to use the [ code ] tags when you post code; it helps us read your code and respond to it.
    Grant
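The point made in the reply above, as an added example that is not part of the original thread: concatenating a `byte[]` into a string prints the array's identity, so two arrays with identical content print differently, while `Arrays.equals` and the hex form compare the content. The class and method names are hypothetical; `DESede/ECB/PKCS5Padding` is used only because it is the transformation in the post, and the decoder rejects odd-length or non-hex input instead of guessing.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class HexRoundTrip {
    private static final char[] HEX = "0123456789abcdef".toCharArray();

    static String toHex(byte[] raw) {
        StringBuilder sb = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            sb.append(HEX[(b >> 4) & 0xf]).append(HEX[b & 0xf]);
        }
        return sb.toString();
    }

    // Value of one ASCII hex digit, or -1 if the character is not a hex digit.
    private static int nibble(char c) {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
    }

    static byte[] fromHex(String hex) {
        if (hex.length() % 2 != 0) {
            throw new IllegalArgumentException("odd-length hex string");
        }
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = nibble(hex.charAt(2 * i));
            int lo = nibble(hex.charAt(2 * i + 1));
            if (hi < 0 || lo < 0) {
                throw new IllegalArgumentException("non-hex character near offset " + (2 * i));
            }
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("DESede");
        kg.init(168);
        SecretKey key = kg.generateKey();

        Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        // Constructed sample plaintext.
        byte[] ciphertext = cipher.doFinal("constructed sample text".getBytes(StandardCharsets.UTF_8));

        String hex = toHex(ciphertext);
        byte[] decoded = fromHex(hex);

        // Array identity, not content: these two lines differ although the bytes match.
        System.out.println("ciphertext as string: " + ciphertext);
        System.out.println("decoded as string:    " + decoded);

        // Content comparisons: both report that the round trip preserved the bytes.
        System.out.println("Arrays.equals:        " + Arrays.equals(ciphertext, decoded));
        System.out.println("hex forms equal:      " + hex.equals(toHex(decoded)));

        cipher.init(Cipher.DECRYPT_MODE, key);
        String plain = new String(cipher.doFinal(decoded), StandardCharsets.UTF_8);
        System.out.println("decrypted:            " + plain);

        // Malformed input is rejected rather than silently padded.
        try {
            fromHex("abc");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected:             " + e.getMessage());
        }
    }
}
```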

  • Java API to read the Encrypted Values from Windows Registry settings

    Is there any Java API to read the Encrypted Values from Windows Registry settings ?
    My Java Application invokes a 3rd party Tool that writes the key/value to windows registry settings under : “HKLM\Software\<3rdparty>\dataValue”.
    This entry is in BINARY and encrypted with 3DES, using crypto API from Microsoft.
    To encrypt the data stored in the registry, the 3rd party software either
    uses C++ code with the calls “CryptProtectData” and “CryptUnProtectData”, or,
    if it is .NET (C#), it uses the calls “Protect” or “UnProtect” from class “ProtectData” of WinCrypt.h from the library “Crypt32.lib”.
    Note: The data is encrypted using auto-generated machinekey and there is no public key shared to decrypt the Encrypted data.
    Since the data is encrypted using auto-generated machinekey the same can be decrypted from a .Net / C++ application using CryptUnprotectData or UnProtect() API of WinCrypt.h from the library “Crypt32.lib”.
    To know more about Auto-Generated MachineKey in Windows refer the links below
    http://aspnetresources.com/tools/machineKey
    http://msdn.microsoft.com/en-us/library/ms998288.aspx
    I need to find a way in Java to find the equivalent API to decrypt (CryptUnprotectData) and Microsoft will automatically use the correct key.
    But I couldn't find any information related to Java APIs to encrypt or decrypt data using auto-generated machinekey.
    Is there a way to read the encrypted data from Windows registry settings that is encrypted using the Auto-Generated Machine Key ?
    Kindly let me know if Java provides any such API or mechanism for this.

    If the symmetric key is "auto-generated" and is not being stored anywhere on the machine, it implies that the key is being regenerated based on known values on the machine. This is the same principle in generating 3DES keys using PBE (password-based-encryption). I would review the documentation on the C# side, figure out the algorithm or "seed" values being used by the algorithm, and then attempt to use the JCE to derive the 3DES key using PBE; you will need to provide the known values as parameters to the PBE key-generation function in JCE. Once derived, it can be used to decrypt the ciphertext from the Registry in exactly the same way as the CAPI/CNG framework.
    An alternate way for Java to use this key, is to write a JNI library that will call the native Windows code to do the decryption; then the Java program does not need to know details about the key.
    That said, there is a risk that if your code can derive the key based on known seeds, then so can an attacker. I don't know what your application is doing, but if this is anything related to compliance for some data-security regulation like PCI-DSS, then you will fail the audit (for being unable to prove you have adequate controls on the symmetric key) if a knowledgeable QSA probes this design.
    Arshad Noor
    StrongAuth, Inc.

  • I'm doing a scan around a line by sampling data 360 degrees for every value of z(z is the position on the line). So, that mean I have a double for-loop where I collect the data. The problem comes when I try to plot the data. How should I do?

    I'm doing a scan around a line by sampling data 360 degrees for every value of z(z is the position on the line). So, that mean I have a double for-loop where I collect the data. The problem comes when I try to plot the data. How should I do?

    Jonas,
    I think what you want is a 3D plot of a cylinder. I have attached an example using a parametric 3D plot.
    You will probably want to duplicate the points for the first theta value to close the cylinder. I'm not sure what properties of the graph can be manipulated to make it easier to see.
    Bruce
    Bruce Ammons
    Ammons Engineering
    Attachments:
    Cylinder_Plot_3D.vi ‏76 KB

  • Best practice for default values in EO

    I have an entity called AUTH_USER (a user table) within it has 2 TIMESTAMP WITH TIME ZONE columns like this ...:
    EFF_DATE TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT current_timestamp,
    TERM_DATE TIMESTAMP WITH TIME ZONE
    Notice EFF_DATE has a default constraint and is not nullable.
    In the EO, EFF_DATE is represented as a TIMESTAMPTZ and is checked as MANDATORY in its attribute properties. I cannot commit a NEW RECORD based on VO derived from this EO because of the MANDATORY constraint that is set in the EFF_DATE attribute's properties unless I enter a value. My original strategy was to have the field populated by a DEFAULT DATE if the user should attempt to leave this field null.
    This is my dilemma.
    1. I could have the database populate the value based on the default constraint in the table definition. Since EFF_DATE and TERM_DATE resemble the Effective Date (Start, End) properties that the framework already provides then I could set both fields as Effective Date (Start, End) and then check Refresh After Insert. But this still won't work unless I deselect the mandatory property on EFF_DATE.
    2. The previous solution would work. However, I'm not sure that it is part of a "Best Practices" solution. In my mind if a database column is mandatory in the database then it should be mandatory in the Model as well.
    3. If the first option is a poor choice, then what I need to do is to leave the attribute defined and mandatory and have a DEFAULT VALUE set in the RowImpl create method.
    4. Finally, I could just force the user to enter a value. That would seem to be the common sense thing to do. I mean that's what calendar widgets and AJAX enabled JSF are for!
    Regardless to what the correct answer is, I'd like to see some sample code of how the date can be populated inside the RowImpl create method and it pass to setEffDate(TimestampTZ dt). Keep in mind though that in this instance I need the timezone at the database server side and not the client side. I would also ask for advice on doing this with Groovy Scripting or expressions.
    And finally, what is the best practice in this situation?
    Thanks in advance.

    How about setting the default value property of the attribute in the EO to be adf.currentDate ?
    (assuming you are using 11g).
    This way there is a default date being set when the record is created and the user can change it if he wants to.

  • How to Query remote PC's registry by OU for 2 values and export to CSV file.

    I'm new to scripting and to Powershell but this is what I have managed to put together so far. Of course it fails. We have two custom entries in the registry that I want to query remote workstations for these values, Monitor 1 and Monitor 2. Output to a CSV along with the workstation's name. Because of our AD structure I figured it's just easier to input the OU individually as seen in the script. That portion of the script seems to work. I get the following error in bold when I run the script: I've Google'd and tinkered with this for a week now with no resolution and seem to be going in circles. And yes, I had help to get this far.
    Exception calling "OpenRemoteBaseKey" with "2" argument(s): "The network path was not found.
    At C:\utils\RegMonitor2.ps1:33 char:5
    +     $regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive,$result.pro ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : IOException
    Exception calling "OpenRemoteBaseKey" with "2" argument(s): "The network path was not found.
    At C:\utils\RegMonitor2.ps1:33 char:5
    +     $regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive,$result.pro ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : IOException
    # 1) Searches Active Directory for all Computers under said OU
    # 2) Searches remote registry of those machines for the mentioned Monitor and Monitor2 subkeys.
    # 3) Exports CSV (Can be opened and saved as excel format later) with ordered columns Computername, Monitor1 value, monitor2 value.
    # ================================================================
    $SearchPath = "OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX"
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$SearchPATH")
    $objSearcher.PageSize = 1000
    $objSearcher.Filter = "(objectClass=computer)"
    $objSearcher.SearchScope = "Subtree"
    $colProplist = "name"
    $colResults = $objSearcher.FindAll()
    $Store = @()
    $Hive = [Microsoft.Win32.RegistryHive]"LocalMachine";
    foreach ($result in $colResults)
    {
        # Use $result.properties.name to retrieve ComputerName
        $obj = New-Object PsObject
        $obj | Add-member -type noteproperty -name "Computername" -Value $result.properties.name
        $regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive,$result.properties.name);
        $ref = $regKey.OpenSubKey("SYSTEM\CurrentcontrolSet\control\Session Manager\Environment");
        $obj | Add-member -type Noteproperty -name "Monitor1" -value $ref.OpenSubKey("Monitor")
        $obj | Add-member -type Noteproperty -name "Monitor2" -value $ref.OpenSubKey("Monitor2")
        $store += $obj
    }
    $store | Select-Object Computername,Monitor1,Monitor2 | Export-CSV -noTypeInformation -Path "Pathtosave.csv"
    People are always promising the apocalypse. They never deliver.
    Ok, I have modified the end of the script a bit, and no more error: Instead I get an unexpected output.
    foreach ($result in $colResults)
    {
        # Use $result.properties.name to retrieve ComputerName
        $obj = New-Object PsObject
        $obj | Add-member -type noteproperty -name "Computername" -Value $result.properties.name
        $regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive,$result.properties.name);
        $ref = $regKey.OpenSubKey("SYSTEM\CurrentcontrolSet\control\Session Manager\Environment");
        $obj | Add-member -type Noteproperty -name "Monitor1" -value $ref.OpenSubKey("Monitor")
        $obj | Add-member -type Noteproperty -name "Monitor2" -value $ref.OpenSubKey("Monitor2")
        $store += $obj
    }
    $store | Select-Object Computername,Monitor1,Monitor2 | Export-CSV -noTypeInformation -Path "C:\Utils\Data.csv"
    Unexpected output:
    "Computername","Monitor1","Monitor2"
    "System.DirectoryServices.ResultPropertyValueCollection",,
    "System.DirectoryServices.ResultPropertyValueCollection",,
    "System.DirectoryServices.ResultPropertyValueCollection",,

    Hi,
    What do your registry values look like in the Monitor and Monitor2 subkeys?
    EDIT: This might help:
    # Retrieve list of computers using Get-ADComputer and process each
    Get-ADComputer -Filter * -SearchBase 'OU=Test PCs,DC=domain,DC=com' | ForEach {
        # Verify PC is alive
        If (Test-Connection $_.Name -Quiet -Count 1) {
            # Connect to registry
            $remoteHive = [Microsoft.Win32.RegistryHive]"LocalMachine";
            $regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($remoteHive,$($_.Name))
            # Open the Environment key
            $ref = $regKey.OpenSubKey('SYSTEM\CurrentcontrolSet\control\Session Manager\Environment')
            # Create an ordered hashtable with the data from string values named 'String Value One/Two' in Monitor and Monitor2 subkeys
            # You'll need to adjust these values based on your actual data
            # If you are running v2, remove [ordered] below (so the line reads $props = @{)
            $props = [ordered]@{
                Computer=$_.Name
                Monitor =$ref.OpenSubKey('Monitor').GetValue('String Value One')
                Monitor2=$ref.OpenSubKey('Monitor2').GetValue('String Value Two')
            }
            # Create a custom object based on the hashtable above
            New-Object PsObject -Property $props
        }
    } | Sort-Object Computer | Export-Csv .\MonitorRegistryCheck.csv -NoTypeInformation
    # The line above sorts the output object by the computer name and then exports the object to a CSV file
    Don't retire TechNet! -
    (Don't give up yet - 12,575+ strong and growing)

  • How to set a encrypted value on a ConfigurationProperty when working offlin

    So, I have a particular instance of configuration property that I am trying to modify when working on a domain offline, in particular during the configuration of a domain template in final.py.
    wls:/offline>ls()
    -rw- EncryptValueRequired true
    -rw- EncryptedValueEncrypted {3DES}istgZKedh7j6eu/9GdqXMg==
    -rw- Name IntegrityKeyPassword
    -rw- Notes null
    -rw- Value null
    wls:/offline>prompt()
    As I am working in offline mode cmo.setEncryptedValue() doesn't appear to work as it complains there is no such attribute. I can set "Value" but the server only reads the encrypted value so that doesn't help me.
    I did work out how to calculate the encrypted value using weblogic.security.Encryption; but I can't find a set(...) or cmo.setXXX(...) combination that works. It is very likely something very obvious,
    Thanks,
    Gerard Davison

    Hi Gersh
    Sorry for my late reply and thanks for your helpful information.
    I tried the second way of your information and I could configure it.
    And I'll try the first way of your information.
    Regards,
    Keisuke

  • KDC has no support for encryption type (14)

    I have come across a posting on "KDC has no support for encryption type (14)" - " http://www.webservertalk.com/message1277232.html"
    and believe that I am hitting the same problem. However, there is no solution. Can anybody help?
    I have done all the necessary steps suggested, including changing the registry and removing the unwanted SPN, but the error is still there. The only difference is probably that I combined WebLogic and AD in one machine. But, does that make any difference?
    Client
    ====
    Name: ssoclient.ssow2k.com
    OS: Win XP SP2
    Server
    =====
    Name: ssow2kserver.ssow2k.com
    OS: Windows 2000 Advanced Server SP4
    WLS: BEA WebLogic 8.1.4
    <<Registry>>
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Value Name: allowtgtsessionkey
    Value Type: REG_DWORD
    Value: 0x01
    The following is the WebLogic myserver log for your reference:
    ========================================================================================
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=console, contextPath=/console, uri=/*>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Admin>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Operator>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Deployer>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Monitor>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(Admin,Operator,Deployer,Monitor)}>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(Admin,Operator,Deployer,Monitor)} successfully deployed for resource type=<url>, application=console, contextPath=/console, uri=/*>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=GET>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: DCMS_ROLE>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(DCMS_ROLE)}>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(DCMS_ROLE)} successfully deployed for resource type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=GET>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=POST>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: DCMS_ROLE>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(DCMS_ROLE)}>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(DCMS_ROLE)} successfully deployed for resource type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=POST>
    ####<Apr 6, 2006 3:02:07 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> < PrincipalAuthenticator.assertIdentity - Token Type: Authorization>
    ####<Apr 6, 2006 3:02:07 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: ' weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Found Negotiate with SPNEGO token>
    ####<Apr 6, 2006 3:02:08 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: ' weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
    at sun.security.jgss.GSSContextImpl.acceptSecContext (GSSContextImpl.java:246)
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity (SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm (CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    ####<Apr 6, 2006 3:02:08 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Exception weblogic.security.providers.utils.NegotiateTokenException: GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    weblogic.security.providers.utils.NegotiateTokenException : GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:419)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity (PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java :199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute (ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    ========================================================================================
    The following are some krb5 packets captured. I suspected it is due to the encryption type used - RC4-HMAC:
    ========================================================================================
    KRB5 (AS-REQ)
    ============
    No. Time Source Destination Protocol Info
    125 10.301166 10.122.1.2 10.122.1.200 KRB5 AS-REQ
    Frame 125 (345 bytes on wire, 345 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.848903000
    Time delta from previous packet: 0.008330000 seconds
    Time since reference or first frame: 10.301166000 seconds
    Frame Number: 125
    Packet Length: 345 bytes
    Capture Length: 345 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: 10.122.1.2 (00:0c:29:17:9a:be), Dst: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Destination: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Source: 10.122.1.2 (00:0c:29:17:9a:be)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.2 (10.122.1.2), Dst: 10.122.1.200 (10.122.1.200)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 331
    Identification: 0x0158 (344)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x208d [correct]
    Source: 10.122.1.2 (10.122.1.2 )
    Destination: 10.122.1.200 (10.122.1.200)
    User Datagram Protocol, Src Port: 1075 (1075), Dst Port: kerberos (88)
    Source port: 1075 (1075)
    Destination port: kerberos (88)
    Length: 311
    Checksum: 0x1133 [correct]
    Kerberos AS-REQ
    Pvno: 5
    MSG Type: AS-REQ (10)
    padata: PA-ENC-TIMESTAMP PA-PAC-REQUEST
    Type: PA-ENC-TIMESTAMP (2)
    Type: PA-PAC-REQUEST (128)
    KDC_REQ_BODY
    Padding: 0
    KDCOptions: 40810010 (Forwardable, Renewable, Canonicalize, Renewable OK)
    Client Name (Principal): ssouser
    Realm: SSOW2K.COM
    Server Name (Service and Instance): krbtgt/SSOW2K.COM
    till: 2037-09-13 02:48:05 (Z)
    rtime: 2037-09-13 02:48:05 (Z)
    Nonce: 1870983219
    Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5 des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
    Encryption type: rc4-hmac (23)
    Encryption type: rc4-hmac-old (-133)
    Encryption type: rc4-md4 (-128)
    Encryption type: des-cbc-md5 (3)
    Encryption type: des-cbc-crc (1)
    Encryption type: rc4-hmac-exp (24)
    Encryption type: rc4-hmac-old-exp (-135)
    HostAddresses: SSOCLIENT<20>
    KRB5 (AS-REP)
    ============
    No. Time Source Destination Protocol Info
    126 10.303156 10.122.1.200 10.122.1.2 KRB5 AS-REP
    Frame 126 (1324 bytes on wire, 1324 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.850893000
    Time delta from previous packet: 0.001990000 seconds
    Time since reference or first frame: 10.303156000 seconds
    Frame Number: 126
    Packet Length: 1324 bytes
    Capture Length: 1324 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: Vmware_59:2c:e6 (00:0c:29:59:2c:e6), Dst: 10.122.1.2 (00:0c:29:17:9a:be)
    Destination: 10.122.1.2 (00:0c:29:17:9a:be)
    Source: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.200 (10.122.1.200), Dst: 10.122.1.2 (10.122.1.2)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 1310
    Identification: 0x0a0f (2575)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x1403 [correct]
    Source: 10.122.1.200 (10.122.1.200)
    Destination: 10.122.1.2 (10.122.1.2)
    User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1075 (1075)
    Source port: kerberos (88)
    Destination port: 1075 (1075)
    Length: 1290
    Checksum: 0xb637 [correct]
    Kerberos AS-REP
    Pvno: 5
    MSG Type: AS-REP (11)
    Client Realm: SSOW2K.COM
    Client Name (Principal): ssouser
    Ticket
    enc-part rc4-hmac
    Encryption type: rc4-hmac (23)
    Kvno: 1
    enc-part: E3610239EACDD0E6D4E89AA7D81A355F6C93B95D95B13B56...
    KRB5 (TGS-REQ)
    ============
    No. Time Source Destination Protocol Info
    127 10.309350 10.122.1.2 10.122.1.200 KRB5 TGS-REQ
    Frame 127 (1307 bytes on wire, 1307 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.857087000
    Time delta from previous packet: 0.006194000 seconds
    Time since reference or first frame: 10.309350000 seconds
    Frame Number: 127
    Packet Length: 1307 bytes
    Capture Length: 1307 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: 10.122.1.2 (00:0c:29:17:9a:be), Dst: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Destination: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Source: 10.122.1.2 (00:0c:29:17:9a:be)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.2 (10.122.1.2), Dst: 10.122.1.200 (10.122.1.200)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 1293
    Identification: 0x0159 (345)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x1cca [correct]
    Source: 10.122.1.2 (10.122.1.2)
    Destination: 10.122.1.200 ( 10.122.1.200)
    User Datagram Protocol, Src Port: 1076 (1076), Dst Port: kerberos (88)
    Source port: 1076 (1076)
    Destination port: kerberos (88)
    Length: 1273
    Checksum: 0xd085 [correct]
    Kerberos TGS-REQ
    Pvno: 5
    MSG Type: TGS-REQ (12)
    padata: PA-TGS-REQ
    Type: PA-TGS-REQ (1)
    KDC_REQ_BODY
    Padding: 0
    KDCOptions: 40800000 (Forwardable, Renewable)
    Realm: SSOW2K.COM
    Server Name (Service and Instance): HTTP/ssow2kserver.ssow2k.com
    till: 2037-09-13 02:48:05 (Z)
    Nonce: 1871140380
    Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5 des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
    Encryption type: rc4-hmac (23)
    Encryption type: rc4-hmac-old (-133)
    Encryption type: rc4-md4 (-128)
    Encryption type: des-cbc-md5 (3)
    Encryption type: des-cbc-crc (1)
    Encryption type: rc4-hmac-exp (24)
    Encryption type: rc4-hmac-old-exp (-135)
    KRB5 (TGS-REP)
    ============
    No. Time Source Destination Protocol Info
    128 10.310791 10.122.1.200 10.122.1.2 KRB5 TGS-REP
    Frame 128 (1290 bytes on wire, 1290 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.858528000
    Time delta from previous packet: 0.001441000 seconds
    Time since reference or first frame: 10.310791000 seconds
    Frame Number: 128
    Packet Length: 1290 bytes
    Capture Length: 1290 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: Vmware_59:2c:e6 (00:0c:29:59:2c:e6), Dst: 10.122.1.2 (00:0c:29:17:9a:be)
    Destination: 10.122.1.2 (00:0c:29:17:9a:be)
    Source: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.200 (10.122.1.200), Dst: 10.122.1.2 (10.122.1.2)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 1276
    Identification: 0x0a10 (2576)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x1424 [correct]
    Source: 10.122.1.200 (10.122.1.200)
    Destination: 10.122.1.2 (10.122.1.2)
    User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1076 (1076)
    Source port: kerberos (88)
    Destination port: 1076 (1076)
    Length: 1256
    Checksum: 0x1318 [correct]
    Kerberos TGS-REP
    Pvno: 5
    MSG Type: TGS-REP (13)
    Client Realm: SSOW2K.COM
    Client Name (Principal): ssouser
    Ticket
    enc-part rc4-hmac
    Encryption type: rc4-hmac (23)
    Kvno: 1
    enc-part: 4D2A9E8590CC716EA6571B093B6FAF89537B0B89F832C073...
    ========================================================================================
    Can anybody enlighten me on how you solve this problem? Thanks.

    I ran into this error and caught the error code to remind me to edit the registry.
    // sError is assumed to hold the message text of the caught exception
    if (sError.contains("KDC has no support for encryption type (14)")) {
        JOptionPane.showMessageDialog(null, "Error " + ThisErrorCode.myErrorCode() + '\n' +
            " http://support.microsoft.com/default.aspx?scid=kb;en-us;308339" + '\n' + '\n' +
            "There is a known issue involving Windows clients running Windows 2000 SP4, XP SP2." + '\n' +
            "To avoid the error, administrators need to update the Windows registry." + '\n' +
            "The registry key, allowtgtsessionkey, should be added, and its value set correctly" + '\n' +
            "to allow session keys to be sent in the Kerberos Ticket-Granting Ticket." + '\n' + '\n' +
            "Windows XP SP2, add the registry entry:" + '\n' +
            "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\" + '\n' +
            "Value Name: allowtgtsessionkey" + '\n' +
            "Value Type: REG_DWORD" + '\n' +
            "Value: 0x01", null, JOptionPane.ERROR_MESSAGE);
        // Stop here: authentication cannot succeed until the registry is updated
        System.exit(-1);
    }

  • Problem: KDC has no support for encryption type (14)

    Hi, I have been dealing with this problem for a long time and got no response in the BEA forum.
    I feel very exhausted from checking MIT's Kerberos mailing list and the Sun forum. I tried every method they provide, but without success.
    First I generated the keytab using W2K's ktpass:
    ktpass -princ HTTP/[email protected] -mapuser weblogic -pass weblogic -out dlsvr_keytab -crypto des-cbc-crc
    and it turned out to be successful.
    My W2KSP4 KDC Config is:
    c:\winnt\krb5.ini-----------------------------
    [libdefaults]
    default_realm = DLSVR.COM
    default_tkt_enctypes = des-cbc-crc
    default_tgs_enctypes = des-cbc-crc
    ticket_lifetime = 600
    [realms]
    DLSVR.COM = {
    kdc = 192.168.2.231
    admin_server = dlserver
    default_domain = DLSVR.COM
    }
    [domain_realm]
    .dlsvr.com= DLSVR.COM
    [appdefaults]
    autologin = true
    forward = true
    forwardable = true
    encrypt = true
    I also set the DES type on the AD account and reset the password after that.
    I created my keytab using des-cbc-crc, as you can see in the log below:
    <2005-11-8 06:09:39 CST> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>
    KeyTab: load() entry length: 50
    KeyTabInputStream, readName(): DLSVR.COM
    KeyTabInputStream, readName(): host
    KeyTabInputStream, readName(): weblogic
    KeyTab: load() entry length: 44
    KeyTabInputStream, readName(): dlsvr.com
    KeyTabInputStream, readName(): weblogic
    EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
    crc32: e9889c7a
    crc32: 11101001100010001001110001111010
    KrbAsReq calling createMessage
    KrbAsReq in createMessage
    KrbAsReq etypes are: 1
    KrbKdcReq send: kdc=192.168.2.231 UDP:88, timeout=30000, number of retries =3, #bytes=216
    KDCCommunication: kdc=192.168.2.231 UDP:88, timeout=30000,Attempt =1, #bytes=216
    KrbKdcReq send: #bytes read=1217
    KrbKdcReq send: #bytes read=1217
    EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
    crc32: 54c176ae
    crc32: 1010100110000010111011010101110
    KrbAsRep cons in KrbAsReq.getReply host/weblogicFound key for host/[email protected]
    Entered Krb5Context.acceptSecContext with state=STATE_NEW
    <2005-11-8 06:09:39 CST> <Debug> <SecurityDebug> <000000> <GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    So I don't know why Win2K's KDC does not support des-cbc-crc.
    Any help or clue would be highly appreciated!
    david

    Exception was: javax.naming.AuthenticationException: KDC has no support for encryption type (14) [Root exception is KrbException: KDC has no support for encryption type (14)]
    at com.sco.tta.server.security.java14.KerberosAuth.login(KerberosAuth.java:286)
    at com.sco.tta.server.login.ADLoginAuthority.authenticate(ADLoginAuthority.java:390)
    Cause 2: This exception is thrown when using native ticket cache on some Windows platforms. Microsoft has added a new feature in which they no longer export the session keys for Ticket-Granting Tickets (TGTs). As a result, the native TGT obtained on Windows has an "empty" session key and null EType. The affected platforms include: Windows Server 2003, Windows 2000 Server Service Pack 4 (SP4) and Windows XP SP2.
    Solution 2: You need to update the Windows registry to disable this new feature. The registry key allowtgtsessionkey should be added--and set correctly--to allow session keys to be sent in the Kerberos Ticket-Granting Ticket.
    On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Value Name: allowtgtsessionkey
    Value Type: REG_DWORD
    Value: 0x01 ( default is 0 )
    By default, the value is 0; setting it to "0x01" allows a session key to be included in the TGT.
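
When chasing error 14 (KDC_ERR_ETYPE_NOSUPP in RFC 4120), a useful first check is to compare the encryption type the KDC actually put on the ticket with the types the Java side is restricted to. The following is an added example, not code from either poster: the sample inputs are constructed by trimming the dissector output from the first thread and the krb5.ini restriction from the second, their pairing is for illustration only, and all function names are hypothetical.

```python
import re

# Constructed sample: Kerberos fields trimmed from the dissector output quoted
# in the first thread (Ethernet/IP/UDP layers dropped).
CAPTURE = """\
Kerberos TGS-REQ
MSG Type: TGS-REQ (12)
Server Name (Service and Instance): HTTP/ssow2kserver.ssow2k.com
Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5 des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
Encryption type: rc4-hmac (23)
Encryption type: rc4-hmac-old (-133)
Encryption type: rc4-md4 (-128)
Encryption type: des-cbc-md5 (3)
Encryption type: des-cbc-crc (1)
Encryption type: rc4-hmac-exp (24)
Encryption type: rc4-hmac-old-exp (-135)
Kerberos TGS-REP
MSG Type: TGS-REP (13)
Ticket
enc-part rc4-hmac
Encryption type: rc4-hmac (23)
Kvno: 1
"""

# Constructed sample: the etype restriction from the krb5.ini in the second thread.
KRB5_INI = """\
[libdefaults]
default_realm = DLSVR.COM
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
"""

MSG_RE = re.compile(r"^\s*MSG Type: (\S+) \((\d+)\)")
ETYPE_RE = re.compile(r"^\s*Encryption type: (\S+) \((-?\d+)\)")

def parse_capture(text):
    """One dict per Kerberos message: its type, the etypes listed outside the
    ticket, and the etype of the ticket's enc-part (None for requests)."""
    messages, cur, in_ticket = [], None, False
    for line in text.splitlines():
        m = MSG_RE.match(line)
        if m:
            cur = {"type": m.group(1), "etypes": [], "ticket": None}
            messages.append(cur)
            in_ticket = False
        elif cur is not None and line.strip() == "Ticket":
            in_ticket = True
        elif cur is not None and ETYPE_RE.match(line):
            m = ETYPE_RE.match(line)
            etype = (m.group(1), int(m.group(2)))
            if in_ticket:          # first etype after "Ticket" belongs to the ticket
                cur["ticket"], in_ticket = etype, False
            else:
                cur["etypes"].append(etype)
    return messages

def permitted_etypes(ini_text, key="default_tgs_enctypes"):
    """Etype names listed for `key` in the [libdefaults] section of krb5.ini."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "libdefaults" and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if name == key:
                return [e for e in re.split(r"[,\s]+", value) if e]
    return []

def diagnose(capture, ini_text, key="default_tgs_enctypes"):
    """For every reply carrying a ticket, report whether the ticket's etype is
    one the krb5.ini permits, and which offered etypes would have been."""
    allowed = permitted_etypes(ini_text, key)
    offered, findings = [], []
    for msg in parse_capture(capture):
        if msg["type"].endswith("-REQ"):
            offered = [name for name, _ in msg["etypes"]]
        elif msg["ticket"]:
            name, number = msg["ticket"]
            findings.append({"reply": msg["type"], "ticket_etype": name,
                             "number": number, "permitted": name in allowed,
                             "offered_and_permitted": [e for e in offered if e in allowed]})
    return findings

if __name__ == "__main__":
    for finding in diagnose(CAPTURE, KRB5_INI):
        print(finding)
```

A `permitted: False` result only shows that the ticket's etype is outside the configured list; it does not by itself distinguish that case from the empty TGT session key described in Cause 2.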

  • Preferences for email

    I keep trying to set preferences for apple mail in WGM either for the group or the user but neither of them seem to work. I enter in the default program, email address, incoming/outgoing mail server and account type. Then when I log in to their network home folder and open mail it wants me to set up their account. So it seems that the preferences I am setting are not being applied.
    Basically all I want to do is set up their email account without having to log into every user and launching apple mail and going through the setup assistant. Would it just be easier to put a pref file in the details??
    I just can't seem to figure this one out.

    Hey Ben,
    I don't think it's the contents of your pref file that are the problem. Here are a couple of things that might help:
    1. A quicker way to move things from Once/Often/Always
    If you go to Workgroup Manager's Preferences, you can check a checkbox to "Show all records and the Inspector tab". Then, if you go back to Accounts view of the user, you will see the inspector tab all the way to the right. If you go look in there, you should see the contents of your preferences stored as XML in two mirrored fields, MCXSettings and dsAttrTypeNative:apple-mcxsettings. What I do is copy the contents of the 'value' of one of those fields (they are the same) into TextMate (use any text editor you're comfortable with) and you can quickly change Preferences from being Often or Always. Basically, all "Often" settings are nested under a key named:
    <key>Set-Once</key>
    And all "Always" prefs under a key named:
    <key>Forced</key>
    If you're only currently managing com.apple.mail.plist and want it all to be Always, you can just change Set-Once to Forced.
    Then, of course, paste the contents back into BOTH FIELDS in Workgroup Manager (anyone more experienced know if that's necessary? They seem to be the same field listed twice. Will pasting back into just one work? Which one?). I've found that changes using this method are not instantly reflected if I switch back to Preference view -> Detail and Edit the file. I therefore quickly logout and log back in to verify the change stuck.
    2. If you are doing this in order to configure a NEW user's account, there's a few caveats, namely that if Mail does not see ~/Library/Mail/Envelope Index, it doesn't matter what's in the preference file, it runs the setup wizard. So, you might want to create a virgin Envelope Index and add it to your home folder template, and/or push it out to any existing users you want to push the settings for.
    MacBook   Mac OS X (10.4.8)  

  • AES Encryption - Encrypted value lengths

    HI all -
    I am attempting to use CF 8's AES encryption feature, and
    have not found a critical piece of info in the docs to enable me to
    progress.
    I am using the function to encrypt a password that can be
    from 6 to 16 characters long, which will be stored in a database. I
    am using generateSecretKey("AES"), and that gives me a 24 character
    key that I'm storing for future decryption use. I find that when I
    use the key to encrypt a 6 character password the resulting
    encrypted string is 32 characters long, but when I encrypt a 16
    character password I get a 64 character encrypted string. This is
    the case whether I specify "HEX" or "UU" as the encoding.
    Without knowing how the length of the resulting encoded
    string is determined, I cannot know how large to make my database
    column. (MySQL's AES encryption gives the formula 16 ×
    (trunc(string_length / 16) + 1) to arrive at the resulting string's
    length, but that formula doesn't yield the results I'm seeing in
    CFMX). Can anyone point me to a doc, or explain to me how to
    determine the column length for storing the resulting encrypted
    value?

    No. Only things like key, encoding and string size should
    matter. If the encoding is "hex", 1-15 characters should produce
    size 32, 16-31 characters should produce 64, etcetera. Unless space
    is at a premium, you could always increase the field size if that
    makes you feel more comfortable.
    Well, the results are dictated by the AES standard and basic
    string encoding rules, not CF. I highly doubt either one is going
    to change any time soon ;-) I agree documentation is good. However,
    unlike aes_encrypt, the encrypt function supports many different
    algorithms. Most of which have a distinct set of rules. So it would
    probably be difficult to provide accurate information about all of
    them. Especially as the specifications for each one alone probably
    spans volumes ;-)
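
The sizing rule discussed in this thread, worked through as an added example (not from the original posts). It assumes PKCS#5-style padding and no IV or header stored with the ciphertext, which is consistent with the 32- and 64-character hex lengths reported above; the function names are illustrative, and no encryption is performed because only lengths matter here.

```python
import base64

BLOCK = 16  # AES block size in bytes; the same for 128-, 192- and 256-bit keys

def pkcs5_pad(data: bytes) -> bytes:
    """Pad to a whole number of blocks; a full extra block is added when the
    input is already block-aligned (that is the jump at 16 characters)."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def ciphertext_bytes(plaintext: str, charset: str = "utf-8") -> int:
    """Ciphertext length in bytes (assumption: no IV or header is prepended)."""
    return len(pkcs5_pad(plaintext.encode(charset)))

def stored_length(plaintext: str, encoding: str = "hex") -> int:
    """Length of the text that actually lands in the database column."""
    blob = bytes(ciphertext_bytes(plaintext))  # stand-in with the right length
    if encoding == "hex":
        return len(blob.hex())                 # 2 characters per byte
    if encoding == "base64":
        return len(base64.b64encode(blob))     # 4 characters per 3 bytes, padded
    raise ValueError("unsupported encoding: " + encoding)

def column_width(max_chars: int, encoding: str = "hex", bytes_per_char: int = 1) -> int:
    """Worst-case column width for passwords of up to max_chars characters.
    bytes_per_char is 1 for ASCII-only input, up to 4 for arbitrary UTF-8."""
    return stored_length("x" * (max_chars * bytes_per_char), encoding)

def mysql_formula(string_length: int) -> int:
    """The formula quoted in the question; it counts bytes, before encoding."""
    return 16 * (string_length // 16 + 1)

if __name__ == "__main__":
    print("chars  bytes  mysql  hex  base64")
    for n in (6, 15, 16, 31):
        pw = "p" * n
        print(n, ciphertext_bytes(pw), mysql_formula(n),
              stored_length(pw, "hex"), stored_length(pw, "base64"))
    print("hex column for 6-16 ASCII chars:", column_width(16))
    print("hex column for 16 UTF-8 chars:  ", column_width(16, bytes_per_char=4))
```

The quoted MySQL formula and the observed lengths agree once the hex encoding is taken into account: the formula gives bytes, and hex doubles that figure.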

  • How to set preferences for all users?

    I'm working with a windows CITRIX server and I need to disable the 'Remember passwords for sites' preference for all the users on the server. How do you do this for any user launching firefox on the server?

    You can lock the signon.rememberSignons pref to false via the mozilla.cfg file.
    lockPref("signon.rememberSignons", false);
    You can use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values.
    Place a local-settings.js file in the defaults\pref folder where also the channel-prefs.js file is located to specify using mozilla.cfg.
    pref("general.config.filename", "mozilla.cfg");
    pref("general.config.obscure_value", 0);
    These functions can be used in the mozilla.cfg file:
    defaultPref(); // set new default value
    pref(); // set pref, allow changes in current session
    lockPref(); // lock pref, disallow changes
    See:
    * http://kb.mozillazine.org/Locking_preferences
    * http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/
    * http://mike.kaply.com/2014/01/08/can-firefox-do-this/

  • Ironport mapping with outlook for encryption

    For encryption ,
    If the user is sending mail from the microsoft outlook, and sending as a confidential mail, then is it possible to trigger this mail on ironport by configuring any policy and get encrypt at the recipient end.
    Regards,
    wajid dabir

    You can accomplish this from Outlook by using the Outlook Encryption Plug-in, or by setting up a content filter on your appliance and using subject line keywords to accomplish encryption.
    1) Create a content filter under Mail Policies -> Incoming Content Filters -OR- Outgoing Content Filters, with the following properties:
      Condition:
          Subject Header: Contains: (?i)\[SEND SECURE\] -OR- (?i)\[encrypt\] -OR- (?i)\[keyword of choice\]
      Action:
          Encrypt and Deliver
    * Q: Why does the output reflect as “\\”?  You will need to have the line written as:
    (?i)\[SEND SECURE\] 
    This will AUTOMATICALLY convert to show as:
    subject == "(?i)\\[SEND SECURE\\]"
    * Q: What does (?i) do?  Case insensitivity.  Allows for “[SEND SECURE]”, “[send secure]”, “[SeNd SeCuRe]”, etc.
    2) Enable the new content filter for all relevant policies under Mail Policies -> Outgoing Mail Policies
    3) Submit/Commit the changes 
    I hope this helps!
    -Robert

  • Choosing datatype for encrypted columns.

    Hi All,
    I want to encrypt some data using DBMS_CRYPTO. The encrypted output will be of the RAW data type. In the examples I have looked at, most use the VARCHAR2 datatype.
    Why do I need to store it as VARCHAR2 instead of RAW itself?
    If I want to store the RAW value in a VARCHAR2, I need to convert it to VARCHAR2, and during decryption I need to do the reverse. This will lead to a performance problem.
    What is the logic behind this? It is not clear to me.
    Suppose I want to store the encrypted values without converting to VARCHAR2; I need double the space as RAW.
    Thanks for your thoughts in advance.
    Regards,
    ShenthilkumarCK

    Hi
    You are going to be disappointed because timestamp columns are not one of the recognised data types supported by Discoverer. It only recognises dates, strings and numbers (both integers and decimal).
    Perhaps you could put up a view that corresponds to the table you are using, converting the timestamp to a regular date instead?
    Then, inside your EUL, all you would have to do is repoint the folder to the view.
    Best wishes
    Michael
