Related configuration parameters

The following centrifydc.conf configuration parameters affect FIPS operation. See the Configuration and Tuning Reference Guide for details about these parameters.

  • fips.mode.enable: Enable FIPS mode on a per-computer basis. This group policy modifies the fips.mode.enable parameter in centrifydc.conf.
  • adclient.krb5.clean.nonfips.enctypes: If FIPS mode is enabled and this configuration parameter is set to true, adclient scans the computer’s keytab file and removes all non-AES encryption keys for service principal names (SPNs) during startup. The default is false.
  • adclient.krb5.permitted.encryption.types: If FIPS mode is enabled, this parameter includes the arcfour-hmac-md5 encryption type, and adclient.krb5.clean.nonfips.enctypes is true, adclient generates the MD4 hash for the computer password and saves it in the keytab file.
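
The three parameters interact, so reviewing one in isolation can miss what ends up in the keytab. The following added example (not Centrify code) reads a centrifydc.conf fragment and reports the combined effect as described above. The `name: value` line syntax, `#` comments, the list separators, and treating an unset fips.mode.enable as false are assumptions, and the function names and sample fragment are constructed for illustration.

```python
import re

# Constructed sample fragment; the file syntax shown here is an assumption.
SAMPLE_CONF = """\
# constructed sample centrifydc.conf fragment
fips.mode.enable: true
adclient.krb5.clean.nonfips.enctypes: true
adclient.krb5.permitted.encryption.types: aes256-cts aes128-cts arcfour-hmac-md5
"""

def parse_conf(text):
    """Return {parameter: value} for 'name: value' lines, skipping comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            params[name.strip()] = value.strip()
    return params

def is_true(params, name):
    # Unset is treated as false (stated default only for clean.nonfips.enctypes).
    return params.get(name, "false").lower() == "true"

def review_fips(text):
    """Return findings derived from the three parameters described above."""
    p = parse_conf(text)
    if not is_true(p, "fips.mode.enable"):
        return ["fips.mode.enable is not true: the FIPS-mode behaviour "
                "of the other two parameters does not apply"]
    clean = is_true(p, "adclient.krb5.clean.nonfips.enctypes")
    permitted = p.get("adclient.krb5.permitted.encryption.types", "")
    enctypes = re.split(r"[,\s]+", permitted.lower())
    findings = []
    if clean:
        findings.append("adclient removes non-AES SPN keys from the keytab at startup")
    else:
        findings.append("startup cleanup of non-AES SPN keys in the keytab is off")
    # The MD4 hash is written only when all three conditions hold.
    if clean and "arcfour-hmac-md5" in enctypes:
        findings.append("adclient saves an MD4 hash of the computer password in the keytab")
    return findings

if __name__ == "__main__":
    for finding in review_fips(SAMPLE_CONF):
        print(finding)
```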