krb5 commit [krb5-1.11]: Regenerate manpages

Tom Yu tlyu at MIT.EDU
Mon Dec 17 20:05:10 EST 2012 

https://github.com/krb5/krb5/commit/21094ae51175ddd80284ec8f3ae6a86da63b980d
commit 21094ae51175ddd80284ec8f3ae6a86da63b980d
Author: Tom Yu <tlyu at mit.edu>
Date:   Mon Dec 17 19:43:35 2012 -0500

    Regenerate manpages

 src/man/krb5.conf.man |   20 +++++++++++++++-----
 1 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man
index 39330e1..42394bc 100644
--- a/src/man/krb5.conf.man
+++ b/src/man/krb5.conf.man
@@ -236,22 +236,32 @@ invoking programs such as \fIkinit(1)\fP.
 .TP
 .B \fBdefault_tgs_enctypes\fP
 Identifies the supported list of session key encryption types that
-should be returned by the KDC, in order of preference from
-highest to lowest.  The list may be delimited with commas or
-whitespace.  See \fIEncryption_and_salt_types\fP in
+the client should request when making a TGS\-REQ, in order of
+preference from highest to lowest.  The list may be delimited with
+commas or whitespace.  See \fIEncryption_and_salt_types\fP in
 \fIkdc.conf(5)\fP for a list of the accepted values for this tag.
 The default value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types
 will be implicitly removed from this list if the value of
 \fBallow_weak_crypto\fP is false.
+.sp
+Do not set this unless required for specific backward
+compatibility purposes; stale values of this setting can prevent
+clients from taking advantage of new stronger enctypes when the
+libraries are upgraded.
 .TP
 .B \fBdefault_tkt_enctypes\fP
 Identifies the supported list of session key encryption types that
-should be requested by the client, in order of preference from
-highest to lowest.  The format is the same as for
+the client should request when making an AS\-REQ, in order of
+preference from highest to lowest.  The format is the same as for
 default_tgs_enctypes.  The default value for this tag is
 \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly
 removed from this list if the value of \fBallow_weak_crypto\fP is
 false.
+.sp
+Do not set this unless required for specific backward
+compatibility purposes; stale values of this setting can prevent
+clients from taking advantage of new stronger enctypes when the
+libraries are upgraded.
 .TP
 .B \fBdns_lookup_kdc\fP
 Indicate whether DNS SRV records should be used to locate the KDCs

More information about the cvs-krb5 mailing list