Change encryption values on i5/OS PASE Kerberos server

To operate with Windows® workstations, the Kerberos server default encryption settings need to be changed so that clients can be authenticated to the i5/OS™ PASE Kerberos server. To change the default encryption settings, you need to edit the kdc.conf file located in the /etc/krb5 directory, by following these steps:
  1. In a character-based interface, enter edtf '/var/krb5/krb5kdc/kdc.conf' to access the kdc.conf file.
  2. Change the following lines in the kdc.conf file: 
    supported_enctypes = des3-cbc-sha1:normal 
des-cbc-md5:normal des-cbc-crc:normal 
kdc_supported_enctypes = des3-cbc-sha1:normal 
des-cbc-md5:normal des-cbc-crc:normal
    to
    supported_enctypes = des-cbc-md5:normal
kdc_supported_enctypes = des-cbc-md5:normal
Parent topic: Scenario: Set up Kerberos server in i5/OS PASE
Previous topic: Configure Kerberos server in i5/OS PASE
Next topic: Stop and restart Kerberos server in i5/OS PASE