From 6f84a760026cdaf23854c6246405d36cc6c9761b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Fri, 25 Apr 2003 18:29:08 +0000
Subject: [PATCH] document [gssapi]correct_des3_mic [gssapi]broken_des3_mic
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12144 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/gssapi/gssapi.3 | 22 +++++++++++++++++++---
 lib/gssapi/krb5/gssapi.3 | 22 +++++++++++++++++++---
 2 files changed, 38 insertions(+), 6 deletions(-)
diff --git a/lib/gssapi/gssapi.3 b/lib/gssapi/gssapi.3
index 9cfe7586d..15e85c1db 100644
--- a/lib/gssapi/gssapi.3
+++ b/lib/gssapi/gssapi.3
@@ -107,20 +107,36 @@ implementations when using /
 .Fn gss_verify_mic .
 .Pp
+Default is to use the broken GSS-API DES3 mic in Heimdal 0.6, this
+will change in 0.7 to use correct des3 mic.
+.Pp
 To turn on compatibility with older clients and servers, change the
 .Nm [gssapi]
-.Ar broken_3des_mic
+.Ar broken_des3_mic
 in
 .Pa krb5.conf
 that contains a list of globbing expressions that will be matched against the server name.
+To turn off compatibility with older clients and servers use
+.Nm [gssapi]
+.Ar correct_des3_mic .
+.Pp
+If a match for a entry is in both
+.Nm [gssapi]
+.Ar correct_des3_mic
+and
+.Nm [gssapi]
+.Ar correct_des3_mic ,
+the later will override.
+.Pp
 This config option modifies behaviour for both clients and servers.
 .Pp
 Example:
 .Bd -literal -offset indent
 [gssapi]
- broken_3des_mic = cvs/*@SU.SE
- broken_3des_mic = host/*@SU.SE afs/*@SU.SE
+ broken_des3_mic = cvs/*@SU.SE
+ broken_des3_mic = host/*@E.KTH.SE
+ correct_des3_mic = host/*@SU.SE
 .Ed
 .Sh BUGS
 All of 0.5.x versions of
diff --git a/lib/gssapi/krb5/gssapi.3 b/lib/gssapi/krb5/gssapi.3
index 9cfe7586d..15e85c1db 100644
--- a/lib/gssapi/krb5/gssapi.3
+++ b/lib/gssapi/krb5/gssapi.3
@@ -107,20 +107,36 @@ implementations when using /
 .Fn gss_verify_mic .
 .Pp
+Default is to use the broken GSS-API DES3 mic in Heimdal 0.6, this
+will change in 0.7 to use correct des3 mic.
+.Pp
 To turn on compatibility with older clients and servers, change the
 .Nm [gssapi]
-.Ar broken_3des_mic
+.Ar broken_des3_mic
 in
 .Pa krb5.conf
 that contains a list of globbing expressions that will be matched against the server name.
+To turn off compatibility with older clients and servers use
+.Nm [gssapi]
+.Ar correct_des3_mic .
+.Pp
+If a match for a entry is in both
+.Nm [gssapi]
+.Ar correct_des3_mic
+and
+.Nm [gssapi]
+.Ar correct_des3_mic ,
+the later will override.
+.Pp
 This config option modifies behaviour for both clients and servers.
 .Pp
 Example:
 .Bd -literal -offset indent
 [gssapi]
- broken_3des_mic = cvs/*@SU.SE
- broken_3des_mic = host/*@SU.SE afs/*@SU.SE
+ broken_des3_mic = cvs/*@SU.SE
+ broken_des3_mic = host/*@E.KTH.SE
+ correct_des3_mic = host/*@SU.SE
 .Ed
 .Sh BUGS
 All of 0.5.x versions of