From 9b26e3a8ec35d21e617729b5939a5a59eadcfc91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Wed, 30 Apr 2003 09:57:00 +0000
Subject: [PATCH] more about the des3 mic mess

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12181 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/gssapi/gssapi.3      | 15 ++++++++++++---
 lib/gssapi/krb5/gssapi.3 | 15 ++++++++++++---
 2 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/lib/gssapi/gssapi.3 b/lib/gssapi/gssapi.3
index 15e85c1db..261fa18ee 100644
--- a/lib/gssapi/gssapi.3
+++ b/lib/gssapi/gssapi.3
@@ -106,9 +106,18 @@ implementations when using
 .Fn gss_get_mic
 /
 .Fn gss_verify_mic .
+Its possible to modify the behavior of the generator of the MIC with
+the
+.Pa krb5.conf
+configuration file so that old clients/servers will still
+work.
 .Pp
-Default is to use the broken GSS-API DES3 mic in Heimdal 0.6, this
-will change in 0.7 to use correct des3 mic.
+New clients/servers will try both the old and new MIC in Heimdal 0.6.
+In 0.7 it will check only if configured and the compatibility code
+will be removed in 0.8.
+.Pp
+Heimdal 0.6 still generates by default the broken GSS-API DES3 mic,
+this will change in 0.7 to generate correct des3 mic.
 .Pp
 To turn on compatibility with older clients and servers, change the
 .Nm [gssapi]
@@ -117,7 +126,7 @@ in
 .Pa krb5.conf
 that contains a list of globbing expressions that will be matched
 against the server name.
-To turn off compatibility with older clients and servers use
+To turn off generation of the old (incompatible) mic of the MIC use
 .Nm [gssapi]
 .Ar correct_des3_mic .
 .Pp
diff --git a/lib/gssapi/krb5/gssapi.3 b/lib/gssapi/krb5/gssapi.3
index 15e85c1db..261fa18ee 100644
--- a/lib/gssapi/krb5/gssapi.3
+++ b/lib/gssapi/krb5/gssapi.3
@@ -106,9 +106,18 @@ implementations when using
 .Fn gss_get_mic
 /
 .Fn gss_verify_mic .
+Its possible to modify the behavior of the generator of the MIC with
+the
+.Pa krb5.conf
+configuration file so that old clients/servers will still
+work.
 .Pp
-Default is to use the broken GSS-API DES3 mic in Heimdal 0.6, this
-will change in 0.7 to use correct des3 mic.
+New clients/servers will try both the old and new MIC in Heimdal 0.6.
+In 0.7 it will check only if configured and the compatibility code
+will be removed in 0.8.
+.Pp
+Heimdal 0.6 still generates by default the broken GSS-API DES3 mic,
+this will change in 0.7 to generate correct des3 mic.
 .Pp
 To turn on compatibility with older clients and servers, change the
 .Nm [gssapi]
@@ -117,7 +126,7 @@ in
 .Pa krb5.conf
 that contains a list of globbing expressions that will be matched
 against the server name.
-To turn off compatibility with older clients and servers use
+To turn off generation of the old (incompatible) mic of the MIC use
 .Nm [gssapi]
 .Ar correct_des3_mic .
 .Pp