Enhanced Server-Side KCD Cipher Option

This article relates to LoadMaster firmware version 7.2.52.

In LoadMaster firmware version 7.2.52, a new option for server-side Kerberos Constrained Delegation (KCD) authentication improves the security of the LoadMaster's server-side KCD connections to meet evolving security policies.

In previous releases, server-side KCD connections used the RC4, DES, and DES3 ciphers, and this could not be changed. With this release, you can enable the Use AES 256 SHA1 KCD cipher option on the Virtual Services > Manage SSO User Interface (UI) page. When the option is enabled, the RC4, DES, and DES3 ciphers are disabled for server-side KCD and the aes256-cts-hmac-sha1-96 cipher is used instead. The option can be enabled or disabled as needed within different server-side Single Sign On (SSO) configurations.

Application Programming Interface (API) Details

A new parameter, kcdciphersha1, has been added to the API.

You can retrieve the current value of the parameter by running the get command:

/access/get?param=kcdciphersha1

You can configure the value of the parameter by running the set command:

/access/set?param=kcdciphersha1&value=1

0 - Disabled

1 - Enabled
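The following is an added example, not code from the LoadMaster documentation: a small compliance check that reads kcdciphersha1, enables it only if it is currently 0, and re-reads the value to confirm the change took effect. The XML response layout, the host name lm.example, and the FakeLoadMaster stand-in are assumptions made so that the example runs offline; in real use, fetch would be an authenticated HTTPS GET with certificate verification enabled.

```python
import urllib.parse
import xml.etree.ElementTree as ET

PARAM = "kcdciphersha1"  # parameter name from the article

def get_url(host):
    return f"https://{host}/access/get?" + urllib.parse.urlencode({"param": PARAM})

def set_url(host, enabled):
    query = {"param": PARAM, "value": 1 if enabled else 0}
    return f"https://{host}/access/set?" + urllib.parse.urlencode(query)

def parse_value(xml_text):
    """Return True for 1, False for 0, None if the value cannot be read.
    Assumes the reply carries a <kcdciphersha1> element (assumed layout)."""
    try:
        node = ET.fromstring(xml_text).find(f".//{PARAM}")
    except ET.ParseError:
        return None
    text = (node.text or "").strip() if node is not None else ""
    return {"0": False, "1": True}.get(text)

def enforce_aes(host, fetch):
    """fetch(url) -> response body. Returns a status string."""
    current = parse_value(fetch(get_url(host)))
    if current is None:
        return "unknown"          # do not change a setting we could not read
    if current:
        return "already-enabled"
    fetch(set_url(host, True))
    # Trust the re-read value, not the reply to the set call.
    return "enabled" if parse_value(fetch(get_url(host))) else "failed"

class FakeLoadMaster:
    """Constructed stand-in for an appliance; not a real API client."""
    def __init__(self, value, accept_set=True):
        self.value, self.accept_set = value, accept_set

    def __call__(self, url):
        parts = urllib.parse.urlsplit(url)
        if parts.path == "/access/set" and self.accept_set:
            self.value = urllib.parse.parse_qs(parts.query)["value"][0]
        return (f'<Response stat="200" code="ok"><Success><Data>'
                f"<{PARAM}>{self.value}</{PARAM}></Data></Success></Response>")

if __name__ == "__main__":
    for start in ("0", "1", "garbled"):
        print(start, "->", enforce_aes("lm.example", FakeLoadMaster(start)))
```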

For further details on the RESTful API in general, refer to the RESTful API Interface Description document.

For PowerShell help, run the Get-Help command for the relevant commands.
