packages: heimdal/heimdal-krb5.conf - how to use KCM - aes256 - weak-crypto...

[baggins]

Author: baggins                      Date: Thu Oct 21 12:57:47 2010 GMT
Module: packages                      Tag: HEAD
---- Log message:
- how to use KCM
- aes256
- weak-crypto clarification

---- Files affected:
packages/heimdal:
   heimdal-krb5.conf (1.11 -> 1.12) 

---- Diffs:

================================================================
Index: packages/heimdal/heimdal-krb5.conf
diff -u packages/heimdal/heimdal-krb5.conf:1.11 packages/heimdal/heimdal-krb5.conf:1.12
--- packages/heimdal/heimdal-krb5.conf:1.11	Thu Oct  7 17:35:36 2010
+++ packages/heimdal/heimdal-krb5.conf	Thu Oct 21 14:57:42 2010
@@ -1,11 +1,12 @@
 [libdefaults]
-#	default_cc_name = KCM:%{uid}
+#	default_cc_type = KCM
+#	default_cc_name = FILE:/tmp/krb5cc_%{uid}
 	ticket_lifetime = 24h
 	renew_lifetime = 24h
         default_realm = MY.REALM
 #	default_keytab_name = FILE:/etc/krb5.keytab
-#	default_etypes = des3-hmac-sha1 arcfour-hmac-md5
-#	default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5 des-cbc-md4 arcfour-hmac-md5
+#	default_etypes = des3-hmac-sha1 arcfour-hmac-md5 aes256-cts-hmac-sha1-96
+#	default_etypes_des = des-cbc-crc des-cbc-md5 des-cbc-md4 des3-hmac-sha1 arcfour-hmac-md5 aes256-cts-hmac-sha1-96
 	kdc_timesync = 1
 	clockskew = 300
 	forwardable = true
@@ -16,7 +17,7 @@
 # WARNING!!!
 # As of heimdal 1.3 DES is deprecated, that means you MUST uncomment
 # the following line if you use any flavor of kerberized NFS on
-# kernels prior to 2.6.35.
+# kernels prior to 2.6.35 and nfs-utils < 1.2.3.
 # http://www.h5l.org/blog/index.php/2008/10/des-will-die-in-heimdal/
 #	allow_weak_crypto = true
 
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/heimdal/heimdal-krb5.conf?r1=1.11&r2=1.12&f=u