Bastian Blank <[EMAIL PROTECTED]> writes: > Package: krb5-config > Version: 1.18 > Severity: normal > > The default enctypes in krb5.conf are out of date. According to the > krb5 source (src/lib/krb5/krb/init_ctx.c) the definition is: > | aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 > | arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-cbc-md4
Er, yes, that's why they're commented out, as the comment explains. The commented-out lines are not intended to be documentation of the default enctypes. I suppose we could change the example to be closer to something that you'd actually want to do in unusual circumstances, like restrict the enctypes to 3DES to work around buggy Java software that can't handle AES keys. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
