This patch configures IPA to use the currently strongest available
enctype for the master key.
Fixes #456
Simo.
--
Simo Sorce * Red Hat, Inc * New York
From c46dd2d57ee59248152f0ab7ef07645fe36af83d Mon Sep 17 00:00:00 2001
From: Simo Sorce sso...@redhat.com
Date: Mon, 1 Nov 2010 09:33:14 -0400
Subject: [PATCH] Use strongest keytype for master key
---
install/share/kdc.conf.template |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/install/share/kdc.conf.template b/install/share/kdc.conf.template
index 0a5747831671ab2546f4ee0230c7f309b0c3d5be..4a2cca412c7a5a1b8a45f6d114ec844aa02822ea 100644
--- a/install/share/kdc.conf.template
+++ b/install/share/kdc.conf.template
@@ -4,7 +4,7 @@
[realms]
$REALM = {
- master_key_type = des3-hmac-sha1
+ master_key_type = aes256-cts
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
max_life = 7d
max_renewable_life = 14d
--
1.7.3.2
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel