Update default krb5kdc mkey manual-entry enctype

Change from the legacy des-cbc-crc to the default for kdb5_util and kadmind, which is currently aes256-cts-hmac-sha1-96.
krb5 · May 21, 2019 · 512f5cd · 512f5cd
1 parent 3e94e53
commit 512f5cd
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/doc/admin/admin_commands/krb5kdc.rst b/doc/admin/admin_commands/krb5kdc.rst
@@ -41,7 +41,7 @@ LDAP database.
 
 The **-k** *keytype* option specifies the key type of the master key
 to be entered manually as a password when **-m** is given; the default
-is ``des-cbc-crc``.
+is |defmkey|.
 
 The **-M** *mkeyname* option specifies the principal name for the
 master key in the database (usually ``K/M`` in the KDC's realm).

diff --git a/src/kdc/main.c b/src/kdc/main.c
@@ -777,7 +777,7 @@ initialize_realms(krb5_context kcontext, int argc, char **argv,
         case 'm':                       /* manual type-in of master key */
             manual = TRUE;
             if (menctype == ENCTYPE_UNKNOWN)
-                menctype = ENCTYPE_DES_CBC_CRC;
+                menctype = DEFAULT_KDC_ENCTYPE;
             break;
         case 'M':                       /* master key name in DB */
             mkey_name = optarg;

diff --git a/src/man/krb5kdc.man b/src/man/krb5kdc.man
@@ -61,7 +61,7 @@ LDAP database.
 .sp
 The \fB\-k\fP \fIkeytype\fP option specifies the key type of the master key
 to be entered manually as a password when \fB\-m\fP is given; the default
-is \fBdes\-cbc\-crc\fP\&.
+is \fBaes256\-cts\-hmac\-sha1\-96\fP\&.
 .sp
 The \fB\-M\fP \fImkeyname\fP option specifies the principal name for the
 master key in the database (usually \fBK/M\fP in the KDC\(aqs realm).