freeipa/daemons/ipa-sam
Alexander Bokovoy 6907a0cef7
ipasam: do not use RC4 in FIPS mode
When creating Kerberos keys for trusted domain object account, ipasam
module requests to generate keys using a series of well-known encryption
types. In FIPS mode it is not possible to generate RC4-HMAC key:
MIT Kerberos is using openssl crypto backend and openssl does not allow
use of RC4 in FIPS mode.

Thus, we have to filter out RC4-HMAC encryption type when running in
FIPS mode. A side-effect is that a trust to Active Directory running
with Windows Server 2003 will not be possible anymore in FIPS mode.

Resolves: https://pagure.io/freeipa/issue/7659
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
2018-08-13 14:42:16 +02:00
..
ipa_sam.c ipasam: do not use RC4 in FIPS mode 2018-08-13 14:42:16 +02:00
ipa_sam.h Migrate from #ifndef guards to #pragma once 2016-05-29 14:04:45 +02:00
Makefile.am Build: remove incorrect use of MAINTAINERCLEANFILES 2016-11-16 09:12:07 +01:00
README Add ipasam samba passdb backend 2011-12-06 08:29:53 -05:00

This is the ipa samba passdb backend.