From 09d5b938c128d8bb01ae40b5d736a266c6075b39 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 1 Nov 2019 15:59:42 -0400 Subject: [PATCH] Enable AES SHA 256 and 384-bit enctypes in Kerberos https://pagure.io/freeipa/issue/8110 Reviewed-By: Christian Heimes --- install/share/kerberos.ldif | 4 ++++ install/updates/50-krbenctypes.update | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/install/share/kerberos.ldif b/install/share/kerberos.ldif index b96399e91..3b75b4456 100644 --- a/install/share/kerberos.ldif +++ b/install/share/kerberos.ldif @@ -18,6 +18,10 @@ krbSupportedEncSaltTypes: aes256-cts:normal krbSupportedEncSaltTypes: aes256-cts:special krbSupportedEncSaltTypes: aes128-cts:normal krbSupportedEncSaltTypes: aes128-cts:special +krbSupportedEncSaltTypes: aes128-sha2:normal +krbSupportedEncSaltTypes: aes128-sha2:special +krbSupportedEncSaltTypes: aes256-sha2:normal +krbSupportedEncSaltTypes: aes256-sha2:special ${FIPS}krbSupportedEncSaltTypes: camellia128-cts-cmac:normal ${FIPS}krbSupportedEncSaltTypes: camellia128-cts-cmac:special ${FIPS}krbSupportedEncSaltTypes: camellia256-cts-cmac:normal diff --git a/install/updates/50-krbenctypes.update b/install/updates/50-krbenctypes.update index ef419bc44..495a8b5a4 100644 --- a/install/updates/50-krbenctypes.update +++ b/install/updates/50-krbenctypes.update @@ -3,3 +3,7 @@ add: krbSupportedEncSaltTypes: camellia128-cts-cmac:normal add: krbSupportedEncSaltTypes: camellia128-cts-cmac:special add: krbSupportedEncSaltTypes: camellia256-cts-cmac:normal add: krbSupportedEncSaltTypes: camellia256-cts-cmac:special +add: krbSupportedEncSaltTypes: aes128-sha2:normal +add: krbSupportedEncSaltTypes: aes128-sha2:special +add: krbSupportedEncSaltTypes: aes256-sha2:normal +add: krbSupportedEncSaltTypes: aes256-sha2:special