rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
1a6673d2ee
krb5/Update-default-krb5kdc-mkey-manual-entry-enctype.patch
Robbie Harwood 3f80a77313 Remove support for single-DES and CRC
2019-05-28 15:22:45 -04:00

55 lines
2.2 KiB
Diff
Raw Blame History

From 2957d2186ee2b60b80e6ba97a1f5d661ccb20f30 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 20 May 2019 16:52:57 -0400
Subject: [PATCH] Update default krb5kdc mkey manual-entry enctype
Change from the legacy des-cbc-crc to the default for kdb5_util and
kadmind, which is currently aes256-cts-hmac-sha1-96.
(cherry picked from commit 512f5cde625253cba1e6f87e037a00ef88178882)
---
doc/admin/admin_commands/krb5kdc.rst | 2 +-
src/kdc/main.c | 2 +-
src/man/krb5kdc.man | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/doc/admin/admin_commands/krb5kdc.rst b/doc/admin/admin_commands/krb5kdc.rst
index 0342d0d18..455bb6858 100644
--- a/doc/admin/admin_commands/krb5kdc.rst
+++ b/doc/admin/admin_commands/krb5kdc.rst
@@ -39,7 +39,7 @@ LDAP database.
The **-k** *keytype* option specifies the key type of the master key
to be entered manually as a password when **-m** is given; the default
-is ``des-cbc-crc``.
+is |defmkey|.
The **-M** *mkeyname* option specifies the principal name for the
master key in the database (usually ``K/M`` in the KDC's realm).
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 60092a0df..04393772f 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -777,7 +777,7 @@ initialize_realms(krb5_context kcontext, int argc, char **argv,
case 'm': /* manual type-in of master key */
manual = TRUE;
if (menctype == ENCTYPE_UNKNOWN)
- menctype = ENCTYPE_DES_CBC_CRC;
+ menctype = DEFAULT_KDC_ENCTYPE;
break;
case 'M': /* master key name in DB */
mkey_name = optarg;
diff --git a/src/man/krb5kdc.man b/src/man/krb5kdc.man
index 8ace9662f..aa8614698 100644
--- a/src/man/krb5kdc.man
+++ b/src/man/krb5kdc.man
@@ -59,7 +59,7 @@ LDAP database.
.sp
The \fB\-k\fP \fIkeytype\fP option specifies the key type of the master key
to be entered manually as a password when \fB\-m\fP is given; the default
-is \fBdes\-cbc\-crc\fP\&.
+is \fBaes256\-cts\-hmac\-sha1\-96\fP\&.
.sp
The \fB\-M\fP \fImkeyname\fP option specifies the principal name for the
master key in the database (usually \fBK/M\fP in the KDC\(aqs realm).
Reference in New Issue View Git Blame Copy Permalink