Was this helpful?
Encryption Parameters--Enable Kerberos Encryption
To specify encryption, the following options are available in Configuration-By-Forms under the Net Server (also known as Communications Server) component:
ib_encrypt_mech
Determine the encryption mechanism for inbound connections. Valid values are
kerberos
Specifies that Kerberos be used.
*
Specifies that Kerberos will be used if included as an item on the mechanism list.
ob_encrypt_mech
Determine the encryption mechanism for outbound connections. Valid values are the same as for ib_encrypt_mech.
ib_encrypt_mode
Determines the encryption mode for the inbound data stream. Valid values are as follows:
Off
Specifies that encryption be neither requested nor allowed.
Optional
Specifies that encryption may occur but is not requested.
On
Specifies that encryption is requested, if possible (if both ends support it).
Note:  This option replaces the REQUIRED option, which is deprecated.
Preferred
Specifies that encryption is desired and occurs if a compatible encryption mechanism is available unless peer is configured as OFF. No warning is given if encryption is not possible.
ob_encrypt_mode
Determines the encryption mode for the outbound data stream. Valid values are the same as for ib_encrypt_mode.
Outbound connection items may be configured as connection attributes in netutil.
The following example specifies Kerberos encryption for all inbound connections:
Name
Value
Units
ib_incrypt_mech
kerberos
*, mechanism name
ib_incrypt_mode
required
off, optional, on, required
Last modified date: 11/09/2022