On an active directory domain controller, this is the list of supported encryption types for local running kdc.
This allows Samba administrators to remove support for weak/unused encryption types, similar
the configuration flexibility provided by the Network security: Configure encryption types allowed for Kerberos
GPO/Local Policies/Security Options Value, which results in the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\SupportedEncryptionTypes Registry Value on Windows.
Unlike the Windows registry key (which only takes an base-10 number), in Samba this may also be expressed as hexadecimal or a list of Kerberos encryption type names.
Specified values are ORed together bitwise, and those currently supported consist of:
arcfour-hmac-md5, rc4-hmac, 0x4, or 4
Known on Windows as Kerberos RC4 encryption
aes128-cts-hmac-sha1-96, aes128-cts, 0x8, or 8
Known on Windows as Kerberos AES 128 bit encryption
aes256-cts-hmac-sha1-96, aes256-cts, 0x10, or 16
Known on Windows as Kerberos AES 256 bit encryption
0maps to what the software supports currently: arcfour-hmac-md5 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96