Strictly Enforce Permitted Encryption Types

This parameter specifies if DirectControl should add or replace the permitted encryption types listed in the setting, permitted_enctypes in krb5.conf with the types specified in the setting, adclient.krb5.permitted.encryption.types in centrifydc.conf.

  • When this group policy is not set (default) —No change in behavior. it means DirectControl adds any additional encryption types.

    Permitted encryption types from centrifydc.conf are added, if they were not already listed. Other items that were already in permitted_enctypes are left alone and not removed.

  • When this group policy is set—DirectControl replaces the setting, permitted_enctypes in krb5.conf to match exactly with encryption types listed in the setting, adclient.krb5.permitted.encryption.types in centrifydc.conf.

    Permitted encryption types from centrifydc.conf are added, if they were not already listed. Other items that were already in permitted_enctypes, and not in centrifydc.conf, are removed.

This group policy is set as follows: Computer Configuration > Centrify Settings > DirectControl Settings > Kerberos Settings > Control if strictly enforce the permitted_encTypes.