This parameter determines whether Samba client tools will try
to authenticate using Kerberos. For Kerberos authentication you
need to use dns names instead of IP addresses when connnecting
to a service.
Possible option settings are:
desired - Kerberos
authentication will be tried first and if it fails it
automatically fallback to NTLM.
required - Kerberos
authentication will be required. There will be no
falllback to NTLM or a different alternative.
off - Don't use
Kerberos, use NTLM instead or another
alternative.
In case that weak cryptography is not allowed (e.g. FIPS mode)
the default will be forced to required.
desired