Add AES SHA-2 HMAC family as default KDC etypes
Resolves: rhbz#2068535 Signed-off-by: Julien Rische <jrische@redhat.com>
This commit is contained in:
parent
1f6e56b48b
commit
12d175e299
6
kdc.conf
6
kdc.conf
@ -5,10 +5,12 @@
|
|||||||
|
|
||||||
[realms]
|
[realms]
|
||||||
EXAMPLE.COM = {
|
EXAMPLE.COM = {
|
||||||
#master_key_type = aes256-cts
|
master_key_type = aes256-cts-hmac-sha384-192
|
||||||
acl_file = /var/kerberos/krb5kdc/kadm5.acl
|
acl_file = /var/kerberos/krb5kdc/kadm5.acl
|
||||||
dict_file = /usr/share/dict/words
|
dict_file = /usr/share/dict/words
|
||||||
default_principal_flags = +preauth
|
default_principal_flags = +preauth
|
||||||
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
|
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
|
||||||
supported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal
|
supported_enctypes = aes256-cts-hmac-sha384-192:normal aes128-cts-hmac-sha256-128:normal aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal camellia256-cts-cmac:normal camellia128-cts-cmac:normal arcfour-hmac-md5:normal
|
||||||
|
# Supported encryption types for FIPS mode:
|
||||||
|
#supported_enctypes = aes256-cts-hmac-sha384-192:normal aes128-cts-hmac-sha256-128:normal
|
||||||
}
|
}
|
||||||
|
@ -34,7 +34,7 @@
|
|||||||
#
|
#
|
||||||
# baserelease is what we have standardized across Fedora and what
|
# baserelease is what we have standardized across Fedora and what
|
||||||
# rpmdev-bumpspec knows how to handle.
|
# rpmdev-bumpspec knows how to handle.
|
||||||
%global baserelease 3
|
%global baserelease 4
|
||||||
|
|
||||||
# This should be e.g. beta1 or %%nil
|
# This should be e.g. beta1 or %%nil
|
||||||
%global pre_release %nil
|
%global pre_release %nil
|
||||||
@ -661,6 +661,11 @@ exit 0
|
|||||||
%{_libdir}/libkadm5srv_mit.so.*
|
%{_libdir}/libkadm5srv_mit.so.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 12 2023 Julien Rische <jrische@redhat.com> - 1.20.1-4
|
||||||
|
- Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf
|
||||||
|
- Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf
|
||||||
|
- Resolves: rhbz#2068535
|
||||||
|
|
||||||
* Tue Jan 10 2023 Julien Rische <jrische@redhat.com> - 1.20.1-2
|
* Tue Jan 10 2023 Julien Rische <jrische@redhat.com> - 1.20.1-2
|
||||||
- Strip debugging data from ksu executable file
|
- Strip debugging data from ksu executable file
|
||||||
- Resolves: rhbz#2159643
|
- Resolves: rhbz#2159643
|
||||||
|
Loading…
Reference in New Issue
Block a user