antpro/infra
1
0
Fork 0
forked from saratov/infra
Code Issues Pull Requests Projects Releases Wiki Activity

roles/kerberos5: Drop single-DES enctypes

Browse Source 
Beginning with the krb5-1.18 release, single-DES encryption
types are no longer supported, and KDC (as well as some
utilities  like kadmin.local) refuses to work when such
enctypes are present in configuration.
This commit is contained in:
Ivan A. Melnikov 2020-02-16 00:03:22 +04:00
parent 547f85e73b
commit 51ec2730b8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/kerberos5/templates/kdc.conf.j2
View File

@ -11,7 +11,7 @@
acl_file = {{ kdc_var_path }}/kadm5.acl acl_file = {{ kdc_var_path }}/kadm5.acl
dict_file = /usr/share/dict/words dict_file = /usr/share/dict/words
admin_keytab = {{ kdc_var_path }}/kadm5.keytab admin_keytab = {{ kdc_var_path }}/kadm5.keytab
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal
} }
[logging] [logging]