Add user documentation for the enctypes attribute on keytabs. Mention

that the enctype must be in the database in the keytab object API documentation. The README and NEWS files are now done.
author: Russ Allbery <rra@stanford.edu> 2007-10-09 19:05:45 +0000
committer: Russ Allbery <rra@stanford.edu> 2007-10-09 19:05:45 +0000
commit: 16c2fc19f3955afa1e6579e450594253a7e0a69a (patch)
tree: 828fc4bef99e463312467badd6b1e5c1d93ca462 /server/wallet-backend
parent: 62b8ed8126729623199e47af565a6f69083ecee6 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/server/wallet-backend b/server/wallet-backend
index 0daf08d..9c6632e 100755
--- a/server/wallet-backend
+++ b/server/wallet-backend
@@ -394,6 +394,18 @@ Keytab objects support the following attributes:
 
 =over 4
 
+=item enctypes
+
+Restricts the generated keytab to a specific set of encryption types.  The
+values of this attribute must be enctype strings recognized by Kerberos
+(strings like C<aes256-cts> or C<des-cbc-crc>).  Note that the salt should
+not be included; since the salt is irrelevant for keytab keys, it will
+always be set to C<normal> by the wallet.
+
+If this attribute is set, the specified enctype list will be passed to ktadd
+when get() is called for that keytab.  If it is not set, the default set in
+the KDC will be used.
+
 =item sync
 
 Sets the external systems to which the key of a given principal is
author	Russ Allbery <rra@stanford.edu>	2007-10-09 19:05:45 +0000
committer	Russ Allbery <rra@stanford.edu>	2007-10-09 19:05:45 +0000
commit	16c2fc19f3955afa1e6579e450594253a7e0a69a (patch)
tree	828fc4bef99e463312467badd6b1e5c1d93ca462 /server/wallet-backend
parent	62b8ed8126729623199e47af565a6f69083ecee6 (diff)