diff options
| -rw-r--r-- | doc/admin/conf_files/krb5_conf.rst | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst index f2f22afa4..4f88c5566 100644 --- a/doc/admin/conf_files/krb5_conf.rst +++ b/doc/admin/conf_files/krb5_conf.rst @@ -99,12 +99,12 @@ Additionally, krb5.conf may include any of the relations described in The libdefaults section may contain any of the following relations: **allow_weak_crypto** - If this flag is set to false, then weak encryption types will be - filtered out of the previous three lists (as noted in - :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)`). The - default value for this tag is false, which may cause - authentication failures in existing Kerberos infrastructures that - do not support strong crypto. Users in affected environments + If this flag is set to false, then weak encryption types (as noted in + :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)`) will be filtered + out of the lists **default_tgs_enctypes**, **default_tkt_enctypes**, and + **permitted_enctypes**. The default value for this tag is false, which + may cause authentication failures in existing Kerberos infrastructures + that do not support strong crypto. Users in affected environments should set this tag to true until their infrastructure adopts stronger ciphers. |