rpms
/
krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
The Kerberos network authentication system
48 Commits 9 Branches 43 Tags 7.2 MiB
Diff 100%
Go to file
Julien Rische 49e904cdde Do not block KRB5KDF and MD4/5 in FIPS mode 
Bypass OpenSSL's restrictions to use KRB5KDF in FIPS mode in case at
least one of AES SHA-1 HMAC encryption types are used.

Use OpenSSL 3.0 library context to access MD4 and MD5 lazily from
legacy provider if RADIUS is being used or RC4 encryption type is
enabled, without affecting global context.

Such exceptions should not be allowed by the default FIPS crypto
policy.

Resolves: rhbz#2162461

Signed-off-by: Julien Rische <jrische@redhat.com>
 		2023-01-19 19:39:27 +01:00
tests RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
.gitignore New upstream version (1.20.1) 2022-12-06 12:39:15 +01:00
0001-downstream-ksu-pam-integration.patch New upstream version (1.20.1) 2022-12-06 12:39:15 +01:00
0002-downstream-SELinux-integration.patch New upstream version (1.20.1) 2022-12-06 12:39:15 +01:00
0003-downstream-fix-debuginfo-with-y.tab.c.patch New upstream version (1.20.1) 2022-12-06 12:39:15 +01:00
0004-downstream-Remove-3des-support.patch New upstream version (1.20.1) 2022-12-06 12:39:15 +01:00
0005-downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch New upstream version (1.20.1) 2022-12-06 12:39:15 +01:00
0006-downstream-Allow-krad-UDP-TCP-localhost-connection-w.patch New upstream version (1.20.1) 2022-12-06 12:39:15 +01:00
0007-Add-configure-variable-for-default-PKCS-11-module.patch New upstream version (1.20.1) 2022-12-06 12:39:15 +01:00
0008-Set-reasonable-supportedCMSTypes-in-PKINIT.patch New upstream version (1.20.1) 2022-12-06 12:39:15 +01:00
0009-Simplify-plugin-loading-code.patch New upstream version (1.20.1) 2022-12-06 12:39:15 +01:00
0010-Update-error-checking-for-OpenSSL-CMS_verify.patch Update error checking for OpenSSL CMS_verify 2022-12-06 12:39:21 +01:00
0011-downstream-Catch-SHA-1-digest-disallowed-error-for-P.patch Update error checking for OpenSSL CMS_verify 2022-12-06 12:39:21 +01:00
0012-Add-and-use-ts_interval-helper.patch Remove invalid password expiry warning 2022-12-06 12:39:21 +01:00
0013-downstream-Make-tests-compatible-with-sssd_krb5_loca.patch Make tests compatible with sssd_krb5_locator_plugin.so 2022-12-20 17:06:07 +01:00
0014-downstream-Do-not-set-root-as-ksu-file-owner.patch Strip debugging data from ksu executable file 2023-01-10 10:36:03 +01:00
0015-downstream-Allow-KRB5KDF-MD5-and-MD4-in-FIPS-mode.patch Do not block KRB5KDF and MD4/5 in FIPS mode 2023-01-19 19:39:27 +01:00
gating.yaml Add gating definition for RHEL 9 2021-06-11 13:08:52 +00:00
kadm5.acl RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kadmin.service RHEL 9.0.0 Alpha bootstrap 2020-11-18 09:51:25 -08:00
kadmin.sysconfig RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kadmind.logrotate RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kdc.conf Add AES SHA-2 HMAC family as default KDC etypes 2023-01-13 15:03:46 +01:00
kprop.service RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kprop.sysconfig RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
krb5-krb5kdc.conf RHEL 9.0.0 Alpha bootstrap 2020-11-18 09:51:25 -08:00
krb5.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
krb5.rpmlintrc RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
krb5.spec Do not block KRB5KDF and MD4/5 in FIPS mode 2023-01-19 19:39:27 +01:00
krb5kdc.logrotate RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
krb5kdc.service RHEL 9.0.0 Alpha bootstrap 2020-11-18 09:51:25 -08:00
krb5kdc.sysconfig RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
ksu.pamd RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
rpminspect.yaml Add rpminspect and clean up mass rebuild mess 2021-06-17 18:55:14 -04:00
sources New upstream version (1.20.1) 2022-12-06 12:39:15 +01:00