Salting is really Encryption types and salting.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20632 ec53bebd-3082-4978-b11e-865c3cabbd6b

doc/setup.texi

@@ -23,7 +23,7 @@ doing so.  It will make life easier for you and everyone else.
 * Testing clients and servers::
 * Slave Servers::
 * Incremental propagation::
-* Salting::
+* Encryption types and salting::
 * Cross realm::
 * Transit policy::
 * Setting up DNS::
@@ -552,7 +552,7 @@ automate this you will want to start
 Starting the propagation once an hour from @command{cron} is probably a
 good idea.
 
-@node Incremental propagation, Salting, Slave Servers, Setting up a realm
+@node Incremental propagation, Encryption types and salting, Slave Servers, Setting up a realm
 @section Incremental propagation
 
 There is also a newer, and still somewhat experimental, mechanism for
@@ -612,9 +612,15 @@ slave#  /usr/heimdal/libexec/ipropd-slave master &
 To manage the iprop log file you should use the @command{iprop-log}
 command. With it you can dump, truncate and replay the logfile.
 
-@node Salting, Cross realm, Incremental propagation, Setting up a realm
+@node Encryption types and salting, Cross realm, Incremental propagation, Setting up a realm
-@section Salting
+@section Encryption types and salting
 @cindex Salting
+@cindex Encryption types
+
+The encryption types that the KDC is going to assign by default is
+possible to change. Since the keys used for user authentication is
+salted the encryption types are described together with the salt
+strings.
 
 Salting is used to make it harder to pre-calculate all possible
 keys. Using a salt increases the search space to make it almost
@@ -623,8 +629,8 @@ public string (the salt) with the password, then sending it through an
 encryption type specific string-to-key function that will output the
 fixed size encryption key.
 
-In Kerberos 5 the salt is determined by the encryption-type, except
+In Kerberos 5 the salt is determined by the encryption type, except in
-in some special cases.
+some special cases.
 
 In @code{des} there is the Kerberos 4 salt
 (none at all) or the afs-salt (using the cell (realm in
@@ -639,10 +645,11 @@ what salting to use.
 
 The syntax of @code{[kadmin]default_keys} is
 @samp{[etype:]salt-type[:salt-string]}. @samp{etype} is the encryption
-type (des, des3, arcfour), @code{salt-type} is the type of salt (pw-salt
+type (des-cbc-crc, arcfour-hmac-md5, aes256-cts-hmac-sha1-96),
-or afs3-salt), and the salt-string is the string that will be used as
+@code{salt-type} is the type of salt (pw-salt or afs3-salt), and the
-salt (remember that if the salt is appended/prepended, the empty salt ""
+salt-string is the string that will be used as salt (remember that if
-is the same thing as no salt at all).
+the salt is appended/prepended, the empty salt "" is the same thing as
+no salt at all).
 
 Common types of salting include
 
@@ -666,7 +673,7 @@ the cell name appended to the password.
 
 @end itemize
 
-@node Cross realm, Transit policy, Salting, Setting up a realm
+@node Cross realm, Transit policy, Encryption types and salting, Setting up a realm
 @section Cross realm
 @cindex Cross realm