Jeremy, My understanding is that even AD 2016 will support arcfour-hmac (even though it's deprecated and not recommended). Local company AD teams will make the decision to stop supporting arcfour-hmac or not. (for instance, our company's team tried -- and it broke something to do with cross-domain auth. So they reverted.)
I don't know when AD quit supporting 3des-cbc. Spike On Sun, May 9, 2021 at 5:09 PM Jeremy Monnet <jmon...@gmail.com> wrote: > Hi, > > > To allow all the old (weak) RHEL7 crypto ciphers (like 3des-cbc and > arcfour-hmac). > > > > It's not advisable to leave crypto-polcies at LEGACY -- that accepts > some truly weak ciphers. > > > > > You are right, only I do not decide the AD version used... 2012R2 is > still supported by Microsoft, so people are not eager to migrate to > 2016 or 2019. That brings me to another question : > - Is there a reference to supported ciphers, eg will rhel without > enabling weak ciphers will work out of the box with an AD 2016 (that > could another argument to upgrade) ? > > And yes you are right, the issue is pure kerberos, sssd just sits on top... > > Regards, > > Jeremy > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure