From 198d82d4cea94e401bffea1ebed9fd00d5fdd832 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 12 Jul 2013 11:28:20 -0400 Subject: [PATCH] Add Camellia ciphers to allowed list. https://fedorahosted.org/freeipa/ticket/3749 --- install/share/kerberos.ldif | 4 ++++ install/updates/50-krbenctypes.update | 5 +++++ install/updates/Makefile.am | 1 + 3 files changed, 10 insertions(+) create mode 100644 install/updates/50-krbenctypes.update diff --git a/install/share/kerberos.ldif b/install/share/kerberos.ldif index 4778a6b4d..41e77952a 100644 --- a/install/share/kerberos.ldif +++ b/install/share/kerberos.ldif @@ -22,6 +22,10 @@ krbSupportedEncSaltTypes: des3-hmac-sha1:normal krbSupportedEncSaltTypes: des3-hmac-sha1:special krbSupportedEncSaltTypes: arcfour-hmac:normal krbSupportedEncSaltTypes: arcfour-hmac:special +krbSupportedEncSaltTypes: camellia128-cts-cmac:normal +krbSupportedEncSaltTypes: camellia128-cts-cmac:special +krbSupportedEncSaltTypes: camellia256-cts-cmac:normal +krbSupportedEncSaltTypes: camellia256-cts-cmac:special krbMaxTicketLife: 86400 krbMaxRenewableAge: 604800 krbDefaultEncSaltTypes: aes256-cts:special diff --git a/install/updates/50-krbenctypes.update b/install/updates/50-krbenctypes.update new file mode 100644 index 000000000..ef419bc44 --- /dev/null +++ b/install/updates/50-krbenctypes.update @@ -0,0 +1,5 @@ +dn: cn=$REALM,cn=kerberos,$SUFFIX +add: krbSupportedEncSaltTypes: camellia128-cts-cmac:normal +add: krbSupportedEncSaltTypes: camellia128-cts-cmac:special +add: krbSupportedEncSaltTypes: camellia256-cts-cmac:normal +add: krbSupportedEncSaltTypes: camellia256-cts-cmac:special diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index 5336f62ed..40c3b3c89 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -39,6 +39,7 @@ app_DATA = \ 50-lockout-policy.update \ 50-groupuuid.update \ 50-hbacservice.update \ + 50-krbenctypes.update \ 50-nis.update \ 50-ipaconfig.update \ 55-pbacmemberof.update \