From 7bf8898abbc5d2ad84641373dc0a838daf0b3b7a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jan=20R=C4=99korajski?= <baggins@pld-linux.org>
Date: Thu, 21 Oct 2010 12:57:42 +0000
Subject: [PATCH] - how to use KCM - aes256 - weak-crypto clarification

Changed files:
    heimdal-krb5.conf -> 1.12
---
 heimdal-krb5.conf | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/heimdal-krb5.conf b/heimdal-krb5.conf
index 7c79f89..dce671d 100644
--- a/heimdal-krb5.conf
+++ b/heimdal-krb5.conf
@@ -1,11 +1,12 @@
 [libdefaults]
-#	default_cc_name = KCM:%{uid}
+#	default_cc_type = KCM
+#	default_cc_name = FILE:/tmp/krb5cc_%{uid}
 	ticket_lifetime = 24h
 	renew_lifetime = 24h
         default_realm = MY.REALM
 #	default_keytab_name = FILE:/etc/krb5.keytab
-#	default_etypes = des3-hmac-sha1 arcfour-hmac-md5
-#	default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5 des-cbc-md4 arcfour-hmac-md5
+#	default_etypes = des3-hmac-sha1 arcfour-hmac-md5 aes256-cts-hmac-sha1-96
+#	default_etypes_des = des-cbc-crc des-cbc-md5 des-cbc-md4 des3-hmac-sha1 arcfour-hmac-md5 aes256-cts-hmac-sha1-96
 	kdc_timesync = 1
 	clockskew = 300
 	forwardable = true
@@ -16,7 +17,7 @@
 # WARNING!!!
 # As of heimdal 1.3 DES is deprecated, that means you MUST uncomment
 # the following line if you use any flavor of kerberized NFS on
-# kernels prior to 2.6.35.
+# kernels prior to 2.6.35 and nfs-utils < 1.2.3.
 # http://www.h5l.org/blog/index.php/2008/10/des-will-die-in-heimdal/
 #	allow_weak_crypto = true
 
-- 
2.44.0