How do you change the default encryption settings for Active Directory connections from DLP Enforce to Kerberos used for Active Directory authentication.
By default, DLP uses RC4 for connections to Kerberos from DLP.
To change that default, you can modify the krb5.ini or krb5.conf file.
1. Modify the krb5.ini or krb5.conf file by adding the following two lines above the [realms] text:
default_tkt_enctypes = aes256-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96
2. Save the file.
3. Restart the Enforce services.
4. Test the connection by trying to login to Enforce with an Active Directory user.