Changing encryption values on IBM i PASE Kerberos server

If necessary, change the default encryption settings on the Kerberos server so that clients can be authenticated to the IBM® i PASE Kerberos server.

To change the default encryption settings, you need to edit the kdc.conf file located in the /var/krb5/krb5kdc directory by following these steps:
  1. In a character-based interface, enter edtf '/var/krb5/krb5kdc/kdc.conf' to access the kdc.conf file.
  2. The list below contains the supported encryption types. Add or remove values so that the list contains the encryption types you want to support.
    supported_enctypes = des3-cbc-sha1:normal 
    arcfour-hmac:normal aes256-cts:normal 
    des-cbc-md5:normal des-cbc-crc:normal