diff options
| author | Tom Yu <tlyu@mit.edu> | 2012-12-17 19:43:35 -0500 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2012-12-17 19:43:35 -0500 |
| commit | 581ade0dbf09d7df8d067c52867b511172b8c1c0 (patch) | |
| tree | 30368e44f869ee576c66eddba5018eca817bfe3b /src | |
| parent | b11883ad8647a73a12a17c1be2c75f5365719342 (diff) | |
| download | krb5-581ade0dbf09d7df8d067c52867b511172b8c1c0.tar.gz krb5-581ade0dbf09d7df8d067c52867b511172b8c1c0.tar.xz krb5-581ade0dbf09d7df8d067c52867b511172b8c1c0.zip | |
Regenerate manpages
Diffstat (limited to 'src')
| -rw-r--r-- | src/man/krb5.conf.man | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man index a5bb7c3c68..c382c7b6a9 100644 --- a/src/man/krb5.conf.man +++ b/src/man/krb5.conf.man @@ -236,22 +236,32 @@ invoking programs such as \fIkinit(1)\fP. .TP .B \fBdefault_tgs_enctypes\fP Identifies the supported list of session key encryption types that -should be returned by the KDC, in order of preference from -highest to lowest. The list may be delimited with commas or -whitespace. See \fIEncryption_and_salt_types\fP in +the client should request when making a TGS\-REQ, in order of +preference from highest to lowest. The list may be delimited with +commas or whitespace. See \fIEncryption_and_salt_types\fP in \fIkdc.conf(5)\fP for a list of the accepted values for this tag. The default value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly removed from this list if the value of \fBallow_weak_crypto\fP is false. +.sp +Do not set this unless required for specific backward +compatibility purposes; stale values of this setting can prevent +clients from taking advantage of new stronger enctypes when the +libraries are upgraded. .TP .B \fBdefault_tkt_enctypes\fP Identifies the supported list of session key encryption types that -should be requested by the client, in order of preference from -highest to lowest. The format is the same as for +the client should request when making an AS\-REQ, in order of +preference from highest to lowest. The format is the same as for default_tgs_enctypes. The default value for this tag is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly removed from this list if the value of \fBallow_weak_crypto\fP is false. +.sp +Do not set this unless required for specific backward +compatibility purposes; stale values of this setting can prevent +clients from taking advantage of new stronger enctypes when the +libraries are upgraded. .TP .B \fBdns_lookup_kdc\fP Indicate whether DNS SRV records should be used to locate the KDCs |