diff options
author | Tom Yu <tlyu@mit.edu> | 2010-02-25 20:09:45 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2010-02-25 20:09:45 +0000 |
commit | 1619c3786c5b874b5fd88adc1f2fbaa50f2a95e4 (patch) | |
tree | 0746d6865399caf2fb2f5b5113f231ff13aff13c /src/config-files | |
parent | 052976b4e0c28736d0b363fc8ff37b7d1cb3a1fe (diff) | |
download | krb5-1619c3786c5b874b5fd88adc1f2fbaa50f2a95e4.zip krb5-1619c3786c5b874b5fd88adc1f2fbaa50f2a95e4.tar.gz krb5-1619c3786c5b874b5fd88adc1f2fbaa50f2a95e4.tar.bz2 |
doc updates for allow_weak_crypto
Update documentation to be more helpful about allow_weak_crypto.
ticket: 6669
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23750 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/config-files')
-rw-r--r-- | src/config-files/krb5.conf.M | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/config-files/krb5.conf.M b/src/config-files/krb5.conf.M index b60836f..9778e81 100644 --- a/src/config-files/krb5.conf.M +++ b/src/config-files/krb5.conf.M @@ -128,6 +128,14 @@ types that should be requested by the client, in the same format. This relation identifies the permitted list of session key encryption types. +.IP allow_weak_crypto +If this is set to 0 (for false), then weak encryption types will be +filtered out of the previous three lists. The default value for this +tag is false, which may cause authentication failures in existing +Kerberos infrastructures that do not support strong crypto. Users in +affected environments should set this tag to true until their +infrastructure adopts stronger ciphers. + .IP clockskew This relation sets the maximum allowable amount of clockskew in seconds that the library will tolerate before assuming that a Kerberos message |