This patch configures IPA to use the currently strongest available
enctype for the master key.

Fixes #456

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From c46dd2d57ee59248152f0ab7ef07645fe36af83d Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Mon, 1 Nov 2010 09:33:14 -0400
Subject: [PATCH] Use strongest keytype for master key

---
 install/share/kdc.conf.template |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/install/share/kdc.conf.template b/install/share/kdc.conf.template
index 0a5747831671ab2546f4ee0230c7f309b0c3d5be..4a2cca412c7a5a1b8a45f6d114ec844aa02822ea 100644
--- a/install/share/kdc.conf.template
+++ b/install/share/kdc.conf.template
@@ -4,7 +4,7 @@
 
 [realms]
  $REALM = {
-  master_key_type = des3-hmac-sha1
+  master_key_type = aes256-cts
   supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
   max_life = 7d
   max_renewable_life = 14d
-- 
1.7.3.2

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to