From: Zhanna Tsitkov <tsitkova@mit.edu>
Date: Wed, 22 Aug 2012 17:05:25 +0000 (-0400)
Subject: Document preference order of enctypes in krb5.conf
X-Git-Tag: krb5-1.11-alpha1~316
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bbe2600c832bf23c208da30b5f702274bcb08fb1;p=thirdparty%2Fkrb5.git

Document preference order of enctypes in krb5.conf
---

diff --git a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
index a790caa6e2..996f93bc70 100644
--- a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
+++ b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
@@ -157,8 +157,9 @@ The libdefaults section may contain any of the following relations:
 
 **default_tgs_enctypes**
     Identifies the supported list of session key encryption types that
-    should be returned by the KDC.  The list may be delimited with
-    commas or whitespace.  See :ref:`Encryption_and_salt_types` in
+    should be returned by the KDC, in order of preference from
+    highest to lowest.  The list may be delimited with commas or
+    whitespace.  See :ref:`Encryption_and_salt_types` in
     :ref:`kdc.conf(5)` for a list of the accepted values for this tag.
     The default value is |defetypes|, but single-DES encryption types
     will be implicitly removed from this list if the value of
@@ -166,7 +167,8 @@ The libdefaults section may contain any of the following relations:
 
 **default_tkt_enctypes**
     Identifies the supported list of session key encryption types that
-    should be requested by the client.  The format is the same as for
+    should be requested by the client, in order of preference from
+    highest to lowest.  The format is the same as for
     default_tgs_enctypes.  The default value for this tag is
     |defetypes|, but single-DES encryption types will be implicitly
     removed from this list if the value of **allow_weak_crypto** is