The following centrifydc.conf configuration parameters affect FIPS operation. See the Configuration and Tuning Reference Guide for details about these parameters.
fips.mode.enable: Enable FIPS mode on a per-computer basis. This group policy modifies thefips.mode.enableparameter incentrifydc.conf.adclient.krb5.clean.nonfips.enctypes: If FIPS mode is enabled and this configuration parameter is set totrue,adclientscans the computer’skeytabfile and removes all non-AES encryption keys for service principal names (SPNs) during startup. The default isfalse.adclient.krb5.permitted.encryption.types: If FIPS mode is enabled, and if you include thearcfour-hmac-md5encryption type in this configuration parameter, and ifadclient.krb5.clean.nonfips.enctypesistrue,adclientgenerates the MD4 hash for the computer password and saves it in the keytab file.
Doc Feedback