From 51ec2730b82ca8046bd3ef7008eacfe580f38702 Mon Sep 17 00:00:00 2001
From: "Ivan A. Melnikov" <iv@altlinux.org>
Date: Sun, 16 Feb 2020 00:03:22 +0400
Subject: [PATCH] roles/kerberos5: Drop single-DES enctypes

Beginning with the krb5-1.18 release, single-DES encryption
types are no longer supported, and KDC (as well as some
utilities  like kadmin.local) refuses to work when such
enctypes are present in configuration.
---
 roles/kerberos5/templates/kdc.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/kerberos5/templates/kdc.conf.j2 b/roles/kerberos5/templates/kdc.conf.j2
index d308564..c618870 100644
--- a/roles/kerberos5/templates/kdc.conf.j2
+++ b/roles/kerberos5/templates/kdc.conf.j2
@@ -11,7 +11,7 @@
   acl_file = {{ kdc_var_path }}/kadm5.acl
   dict_file = /usr/share/dict/words
   admin_keytab = {{ kdc_var_path }}/kadm5.keytab
-  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
+  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal
  }
 
 [logging]