For users authenticated by Kerberos (KRB5 or SPNEGO mechanism) who enable message encryption, the system uses the encryption method automatically negotiated by Kerberos, and in accordance with Internet Engineering Task Force (IETF) RFC 4121 Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API).
For details on determining the encryption method when using Kerberos, see RFC 3961 and RFC 4121. The mechanism QOP is ignored.