Allow weak encryption types for Kerberos authentication

Use this group policy to specify whether to allow weak encryption types for Kerberos authentication.

By default (not configured), this policy allows the weak encryption types specified in the configuration parameters adclient.krb5.permitted.encryption.types and adclient.krb5.tkt.encryption.types.

These encryption types include:

des-cdc-crc
des-cbc-md4
dec-cbc-md5
dec-cbc-raw
des3-cbc-raw
des-hmac-sha1
arcfour-hmac-exp
rc4-hmac-exp
arcfour-hmac-md5-exp

If you disable this policy, the above encryption types will not be supported. Note that setting this policy to disabled may cause authentication failures in existing Kerberos environments that do not support strong cryptography. Users in these environments should leave this policy set to Not Configured or Enabled until their environment adopts stronger cyphers.

This policy modifies the adclient.krb5.allow_weak_crypto parameter in the agent configuration file.