From 70d3717e8bd8e71641a04471cd49cd75fbe465a1 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Tue, 8 Apr 2008 18:02:42 -0400
Subject: Add --permitted-enctypes command and add it to the man page too

---
 ipa-client/man/ipa-getkeytab.1 | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'ipa-client/man')

diff --git a/ipa-client/man/ipa-getkeytab.1 b/ipa-client/man/ipa-getkeytab.1
index 29710918a..90fba04d4 100644
--- a/ipa-client/man/ipa-getkeytab.1
+++ b/ipa-client/man/ipa-getkeytab.1
@@ -62,10 +62,31 @@ created if not existing).
 \fB\-e encryption-types\fR
 The list of encryption types to use to generate keys.
 ipa-getkeytab will use local client defaults if not provided.
+Valid values depend on the kerberos library version and configuration.
+Common values are:
+aes256-cts
+aes128-cts
+des3-hmac-sha1
+arcfour-hmac
+des-hmac-sha1
+des-cbc-md5
+des-cbc-crc
 
 \fB\-q\fR
 Keep quiet.
 
+\fB\--permitted-enctypes\fR
+This options returns a description of the permitted encryption types, like this:
+Supported encryption types:
+AES-256 CTS mode with 96-bit SHA-1 HMAC
+AES-128 CTS mode with 96-bit SHA-1 HMAC
+Triple DES cbc mode with HMAC/sha1
+ArcFour with HMAC/md5
+DES cbc mode with CRC-32
+DES cbc mode with RSA-MD5
+DES cbc mode with RSA-MD4
+
+
 .SH "EXAMPLES"
 
 Add and retrieve a keytab for the ldap service principal on
-- 
cgit