On Чцв, 14 ліс 2024, Angus Clarke via FreeIPA-users wrote:
Hello
Our RSA infra was upgraded to address Blast-Radius vulnerability
https://www.blastradius.fail/ Since then, radius-proxy enabled users
can no longer authenticate against those providers.
I understand the RSA radius servers now require Message-Authenticator
attributes to be set which I suppose is the missing piece when freeipa
attempts to authenticate.
Anybody have a view on this?
It should be addressed already by newer krb5 builds in RHEL and Fedora.
You need to upgrade them and restart IPA services.
https://access.redhat.com/security/cve/CVE-2024-3596
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
