Re: [Freeipa-users] Disable AES256 Encryption
Eldo Joseph wrote: > Martin, > > Application compatible issue, AES256 is not been supported. So you need a keytab without AES? You can pass the encryption types you want to ipa-getkeytab using the -e option. This way you don't need to disable AES system-wide due to one application. rob > > Thanks, > Eldo > > On 21/07/2014 7:15 pm, Martin Kosek wrote: > On 07/21/2014 03:38 PM, Eldo Joseph wrote: >> Is it possible to disable AES256 Encryption from IPA, while making > Kerberos principals... >> >> -Eldo- > > I think you would need to hand update krbDefaultEncSaltTypes in > cn=YOUR-REALM,cn=kerberos,SUFFIX (via ldapmodify) to make this working. > > Can you share what is the motivation for this change? I see requests to > rather > add additional (older) encryption types, not removing the current ones. > > Thanks, > Martin > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Disable AES256 Encryption
Ok, though in that case the application has 3 other encryption types to kinit with (in default configuration) Martin On 07/21/2014 04:28 PM, Eldo Joseph wrote: > Martin, > > Application compatible issue, AES256 is not been supported. > > Thanks, > Eldo > > On 21/07/2014 7:15 pm, Martin Kosek wrote: > On 07/21/2014 03:38 PM, Eldo Joseph wrote: >> Is it possible to disable AES256 Encryption from IPA, while making Kerberos >> principals... >> >> -Eldo- > > I think you would need to hand update krbDefaultEncSaltTypes in > cn=YOUR-REALM,cn=kerberos,SUFFIX (via ldapmodify) to make this working. > > Can you share what is the motivation for this change? I see requests to rather > add additional (older) encryption types, not removing the current ones. > > Thanks, > Martin > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Disable AES256 Encryption
Martin, Application compatible issue, AES256 is not been supported. Thanks, Eldo On 21/07/2014 7:15 pm, Martin Kosek wrote: On 07/21/2014 03:38 PM, Eldo Joseph wrote: > Is it possible to disable AES256 Encryption from IPA, while making Kerberos > principals... > > -Eldo- I think you would need to hand update krbDefaultEncSaltTypes in cn=YOUR-REALM,cn=kerberos,SUFFIX (via ldapmodify) to make this working. Can you share what is the motivation for this change? I see requests to rather add additional (older) encryption types, not removing the current ones. Thanks, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Disable AES256 Encryption
On 07/21/2014 03:38 PM, Eldo Joseph wrote: > Is it possible to disable AES256 Encryption from IPA, while making Kerberos > principals... > > -Eldo- I think you would need to hand update krbDefaultEncSaltTypes in cn=YOUR-REALM,cn=kerberos,SUFFIX (via ldapmodify) to make this working. Can you share what is the motivation for this change? I see requests to rather add additional (older) encryption types, not removing the current ones. Thanks, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
[Freeipa-users] Disable AES256 Encryption
Is it possible to disable AES256 Encryption from IPA, while making Kerberos principals... -Eldo- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
