From: Tom Yu Date: Tue, 18 Dec 2012 00:43:35 +0000 (-0500) Subject: Regenerate manpages X-Git-Tag: krb5-1.12-alpha1~406 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=581ade0dbf09d7df8d067c52867b511172b8c1c0;p=thirdparty%2Fkrb5.git Regenerate manpages --- diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man index a5bb7c3c68..c382c7b6a9 100644 --- a/src/man/krb5.conf.man +++ b/src/man/krb5.conf.man @@ -236,22 +236,32 @@ invoking programs such as \fIkinit(1)\fP. .TP .B \fBdefault_tgs_enctypes\fP Identifies the supported list of session key encryption types that -should be returned by the KDC, in order of preference from -highest to lowest. The list may be delimited with commas or -whitespace. See \fIEncryption_and_salt_types\fP in +the client should request when making a TGS\-REQ, in order of +preference from highest to lowest. The list may be delimited with +commas or whitespace. See \fIEncryption_and_salt_types\fP in \fIkdc.conf(5)\fP for a list of the accepted values for this tag. The default value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly removed from this list if the value of \fBallow_weak_crypto\fP is false. +.sp +Do not set this unless required for specific backward +compatibility purposes; stale values of this setting can prevent +clients from taking advantage of new stronger enctypes when the +libraries are upgraded. .TP .B \fBdefault_tkt_enctypes\fP Identifies the supported list of session key encryption types that -should be requested by the client, in order of preference from -highest to lowest. The format is the same as for +the client should request when making an AS\-REQ, in order of +preference from highest to lowest. The format is the same as for default_tgs_enctypes. The default value for this tag is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly removed from this list if the value of \fBallow_weak_crypto\fP is false. +.sp +Do not set this unless required for specific backward +compatibility purposes; stale values of this setting can prevent +clients from taking advantage of new stronger enctypes when the +libraries are upgraded. .TP .B \fBdns_lookup_kdc\fP Indicate whether DNS SRV records should be used to locate the KDCs