Strictly Enforce Permitted Encryption Types

This parameter specifies whether DirectControl adds to or replaces the permitted encryption types listed in the permitted_enctypes setting in krb5.conf, using the types specified in the adclient.krb5.permitted.encryption.types setting in centrifydc.conf.

  • When this group policy is not set (default) — No change in behavior: DirectControl only adds encryption types.

    Permitted encryption types from centrifydc.conf are added if they are not already listed. Other items that are already in permitted_enctypes are left alone and not removed.

  • When this group policy is set — DirectControl replaces the permitted_enctypes setting in krb5.conf so that it exactly matches the encryption types listed in the adclient.krb5.permitted.encryption.types setting in centrifydc.conf.

    Permitted encryption types from centrifydc.conf are added if they are not already listed. Other items that are already in permitted_enctypes but not in centrifydc.conf are removed.

This group policy is set as follows: Computer Configuration > Centrify Settings > DirectControl Settings > Kerberos Settings > Control if strictly enforce the permitted_encTypes.
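
The two behaviors described above can be compared before the policy is enabled. The following is an added example, not Centrify code: it reads both lists and reports what permitted_enctypes would contain in each mode and which existing entries strict enforcement would remove. The sample file contents are constructed, and the `name: value` layout of centrifydc.conf, the list separators, and the order of appended entries are assumptions.

```python
import re

# Constructed sample inputs (not taken from a real host).
KRB5_SAMPLE = """[libdefaults]
 default_realm = EXAMPLE.COM
 permitted_enctypes = aes256-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc
"""
CDC_SAMPLE = ("adclient.krb5.permitted.encryption.types: "
              "aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96\n")

def parse_enctypes(value):
    """Split an enctype list on whitespace and/or commas."""
    return [t for t in re.split(r"[,\s]+", value.strip()) if t]

def krb5_permitted(text):
    """Return permitted_enctypes from the [libdefaults] section of krb5.conf."""
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "libdefaults" and re.match(r"permitted_enctypes\s*=", line):
            return parse_enctypes(line.split("=", 1)[1])
    return []

def centrify_permitted(text):
    """Return the list from centrifydc.conf (assumed 'name: value' lines)."""
    for line in (l.strip() for l in text.splitlines()):
        name, sep, value = line.partition(":")
        if sep and name.strip() == "adclient.krb5.permitted.encryption.types":
            return parse_enctypes(value)
    return []

def resulting_enctypes(krb5_list, cdc_list, strict):
    """Policy set: exact match with centrifydc.conf. Not set: append missing types."""
    if strict:
        return list(cdc_list)
    return krb5_list + [t for t in cdc_list if t not in krb5_list]

def removed_by_strict(krb5_list, cdc_list):
    """Entries only the strict mode drops. Names are compared literally,
    so enctype aliases are not treated as equal here."""
    return [t for t in krb5_list if t not in cdc_list]

if __name__ == "__main__":
    k, c = krb5_permitted(KRB5_SAMPLE), centrify_permitted(CDC_SAMPLE)
    print("policy not set:", " ".join(resulting_enctypes(k, c, strict=False)))
    print("policy set:    ", " ".join(resulting_enctypes(k, c, strict=True)))
    print("removed only when set:", " ".join(removed_by_strict(k, c)))
```

With the constructed input, the arcfour-hmac-md5 and des-cbc-crc entries remain permitted while the policy is not set and are dropped only when it is set.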