Related configuration parameters
The following centrifydc.conf
configuration parameters affect FIPS operation. See the Configuration and Tuning Reference Guide for details about these parameters.
fips.mode.enable
: Enable FIPS mode on a per-computer basis. This group policy modifies thefips.mode.enable
parameter incentrifydc.conf
.adclient.krb5.clean.nonfips.enctypes
: If FIPS mode is enabled and this configuration parameter is set totrue
,adclient
scans the computer’skeytab
file and removes all non-AES encryption keys for service principal names (SPNs) during startup. The default isfalse
.adclient.krb5.permitted.encryption.types
: If FIPS mode is enabled, and if you include thearcfour-hmac-md5
encryption type in this configuration parameter, and ifadclient.krb5.clean.nonfips.enctypes
istrue
,adclient
generates the MD4 hash for the computer password and saves it in the keytab file.