more about the des3 mic mess

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12181 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-04-30 09:57:00 +00:00
parent 327f5dc311
commit 9b26e3a8ec
2 changed files with 24 additions and 6 deletions
--- a/lib/gssapi/gssapi.3
+++ b/lib/gssapi/gssapi.3
@@ -106,9 +106,18 @@ implementations when using
 .Fn gss_get_mic
 /
 .Fn gss_verify_mic .
+Its possible to modify the behavior of the generator of the MIC with
+the
+.Pa krb5.conf
+configuration file so that old clients/servers will still
+work.
 .Pp
-Default is to use the broken GSS-API DES3 mic in Heimdal 0.6, this
-will change in 0.7 to use correct des3 mic.
+New clients/servers will try both the old and new MIC in Heimdal 0.6.
+In 0.7 it will check only if configured and the compatibility code
+will be removed in 0.8.
+.Pp
+Heimdal 0.6 still generates by default the broken GSS-API DES3 mic,
+this will change in 0.7 to generate correct des3 mic.
 .Pp
 To turn on compatibility with older clients and servers, change the
 .Nm [gssapi]
@@ -117,7 +126,7 @@ in
 .Pa krb5.conf
 that contains a list of globbing expressions that will be matched
 against the server name.
-To turn off compatibility with older clients and servers use
+To turn off generation of the old (incompatible) mic of the MIC use
 .Nm [gssapi]
 .Ar correct_des3_mic .
 .Pp