Point to the admin guide, which for whatever reason people don't know to check for the list of recognized values. The kdc_supported_enctypes setting isn't used by anything, so while we're making edits, drop it. diff -up krb5/src/config-files/kdc.conf.M krb5/src/config-files/kdc.conf.M --- krb5/src/config-files/kdc.conf.M 2010-07-07 15:16:54.000000000 -0400 +++ krb5/src/config-files/kdc.conf.M 2010-07-07 15:17:28.000000000 -0400 @@ -238,10 +238,9 @@ this realm. .IP supported_enctypes list of key:salt strings that specifies the default key/salt -combinations of principals for this realm - -.IP kdc_supported_enctypes -specifies the permitted key-salt combinations of principals for this realm +combinations of principals for this realm. The full list of supported +encryption (key) and salt types can be found in the Kerberos V5 System +Administrator's Guide. .IP reject_bad_transit this