adclient.krb5.permitted.encryption.types
This configuration parameter specifies the types of encryption that can be used in Kerberos client credentials.
The parameter value must be one or more encryption types, separated by a space. For example:
adclient.krb5.permitted.encryption.types: arcfour-hmac-md5 des-cbc-md5
If this parameter is not defined in the configuration file, the default encryption types permitted are:
-
Windows 2000 server and Windows Server 2003: arcfour-hmac-md5, des-cbc-md5, and des-cbc-crc.
-
Windows Server 2008 domain functional level supports these additional types:
aes128-cts and aes256-cts. Although you can specify these types in an environment other than 2008 domain functional level, they are not useful and may cause extra network round trips during the authentication process.
