On Sat, 07 Sep 2013, Simo Sorce wrote:
On Thu, 2013-09-05 at 17:44 +0300, Alexander Bokovoy wrote:
+       enctypes = KERB_ENCTYPE_DES_CBC_CRC |
+                  KERB_ENCTYPE_DES_CBC_MD5 |
+                  KERB_ENCTYPE_RC4_HMAC_MD5 |
+                  KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 |
+                  KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96;

Why are we hardcoding support for *DES* enctype, we disable DES by
default and also Windows never uses it by default.
This is actually a copy of the same statement from
fill_pdb_trusted_domain().

Should I remove it? RC4 enctype will be the only one available for
Windows 2003 trusts then...
--
/ Alexander Bokovoy

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to