Hi, > To allow all the old (weak) RHEL7 crypto ciphers (like 3des-cbc and > arcfour-hmac). > > It's not advisable to leave crypto-polcies at LEGACY -- that accepts some > truly weak ciphers. > > You are right, only I do not decide the AD version used... 2012R2 is still supported by Microsoft, so people are not eager to migrate to 2016 or 2019. That brings me to another question : - Is there a reference to supported ciphers, eg will rhel without enabling weak ciphers will work out of the box with an AD 2016 (that could another argument to upgrade) ?
And yes you are right, the issue is pure kerberos, sssd just sits on top... Regards, Jeremy _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
