On 29.12.2014 23:31, Matt . wrote:
> But should an IPA install not add them by default ? Maybe this is some
I'm not sure that I understand what you mean, but DES is disabled on purpose
because it is completely insecure nowadays. Maybe you should try to rule it
out from your deployment.
According to , it was possible to attack DES key back in 2008. I don't want
to even guess how easy it has to be today. DES in Kerberos was formally
deprecated by RFC 6649 .
Also, -CRC variants are completely insecure by design (because it is malleable).
Have a nice day!
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project