Allow Weak Encryption Types for Kerberos Authentication
Use this group policy to specify whether to allow weak encryption types for Kerberos authentication.
By default (not configured), this policy allows the weak encryption types specified in the configuration parameters adclient.krb5.permitted.encryption.types and adclient.krb5.tkt.encryption.types.
These encryption types include:
des-cdc-crcdes-cbc-md4dec-cbc-md5dec-cbc-rawdes3-cbc-rawdes-hmac-sha1arcfour-hmac-exprc4-hmac-exparcfour-hmac-md5-exp
If you disable this policy, the above encryption types will not be supported. Note that setting this policy to disabled may cause authentication failures in existing Kerberos environments that do not support strong cryptography. Users in these environments should leave this policy set to Not Configured or Enabled until their environment adopts stronger cyphers.
This policy modifies the adclient.krb5.allow_weak_crypto parameter in the agent configuration file.
