From 581ade0dbf09d7df8d067c52867b511172b8c1c0 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Mon, 17 Dec 2012 19:43:35 -0500
Subject: [PATCH] Regenerate manpages

---
 src/man/krb5.conf.man | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man
index a5bb7c3c68..c382c7b6a9 100644
--- a/src/man/krb5.conf.man
+++ b/src/man/krb5.conf.man
@@ -236,22 +236,32 @@ invoking programs such as \fIkinit(1)\fP.
 .TP
 .B \fBdefault_tgs_enctypes\fP
 Identifies the supported list of session key encryption types that
-should be returned by the KDC, in order of preference from
-highest to lowest.  The list may be delimited with commas or
-whitespace.  See \fIEncryption_and_salt_types\fP in
+the client should request when making a TGS\-REQ, in order of
+preference from highest to lowest.  The list may be delimited with
+commas or whitespace.  See \fIEncryption_and_salt_types\fP in
 \fIkdc.conf(5)\fP for a list of the accepted values for this tag.
 The default value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types
 will be implicitly removed from this list if the value of
 \fBallow_weak_crypto\fP is false.
+.sp
+Do not set this unless required for specific backward
+compatibility purposes; stale values of this setting can prevent
+clients from taking advantage of new stronger enctypes when the
+libraries are upgraded.
 .TP
 .B \fBdefault_tkt_enctypes\fP
 Identifies the supported list of session key encryption types that
-should be requested by the client, in order of preference from
-highest to lowest.  The format is the same as for
+the client should request when making an AS\-REQ, in order of
+preference from highest to lowest.  The format is the same as for
 default_tgs_enctypes.  The default value for this tag is
 \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly
 removed from this list if the value of \fBallow_weak_crypto\fP is
 false.
+.sp
+Do not set this unless required for specific backward
+compatibility purposes; stale values of this setting can prevent
+clients from taking advantage of new stronger enctypes when the
+libraries are upgraded.
 .TP
 .B \fBdns_lookup_kdc\fP
 Indicate whether DNS SRV records should be used to locate the KDCs
-- 
2.47.2