Change encryption values on i5/OS PASE Kerberos server

To operate with Windows® workstations, the Kerberos server default encryption settings need to be changed so that clients can be authenticated to the i5/OS™ PASE Kerberos server. To change the default encryption settings, you need to edit the kdc.conf file located in the /var/krb5/krb5kdc directory, by following these steps:
  1. In a character-based interface, enter edtf '/var/krb5/krb5kdc/kdc.conf' to access the kdc.conf file.
  2. Change the following lines in the kdc.conf file: 
    supported_enctypes = des3-cbc-sha1:normal 
des-cbc-md5:normal des-cbc-crc:normal 
kdc_supported_enctypes = des3-cbc-sha1:normal 
des-cbc-md5:normal des-cbc-crc:normal
    to
    supported_enctypes = des-cbc-md5:normal
kdc_supported_enctypes = des-cbc-md5:normal
Parent topic: Scenario: Set up cross realm trust
Previous topic: Create realm trust principal on the i5/OS PASE Kerberos server
Next topic: Configure the Windows 2000 server to trust SHIPDEPT.MYCO.COM