mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-28 18:01:23 -06:00
4f8e4482b3
This should make renamed users able to keep using old credentials as the salt is not derived from the principal name but is always a random quantity. https://fedorahosted.org/freeipa/ticket/412
34 lines
1.0 KiB
Plaintext
34 lines
1.0 KiB
Plaintext
#kerberos keytypes
|
|
dn: cn=$REALM,cn=kerberos,$SUFFIX
|
|
changetype: modify
|
|
add: krbSupportedEncSaltTypes
|
|
krbSupportedEncSaltTypes: aes256-cts:normal
|
|
krbSupportedEncSaltTypes: aes256-cts:special
|
|
krbSupportedEncSaltTypes: aes128-cts:normal
|
|
krbSupportedEncSaltTypes: aes128-cts:special
|
|
krbSupportedEncSaltTypes: des3-hmac-sha1:normal
|
|
krbSupportedEncSaltTypes: des3-hmac-sha1:special
|
|
krbSupportedEncSaltTypes: arcfour-hmac:normal
|
|
krbSupportedEncSaltTypes: arcfour-hmac:special
|
|
krbSupportedEncSaltTypes: des-hmac-sha1:normal
|
|
krbSupportedEncSaltTypes: des-cbc-md5:normal
|
|
krbSupportedEncSaltTypes: des-cbc-crc:normal
|
|
krbSupportedEncSaltTypes: des-cbc-crc:v4
|
|
krbSupportedEncSaltTypes: des-cbc-crc:afs3
|
|
-
|
|
add: krbMaxTicketLife
|
|
krbMaxTicketLife: 86400
|
|
-
|
|
add: krbMaxRenewableAge
|
|
krbMaxRenewableAge: 604800
|
|
|
|
#kerberos keytypes
|
|
dn: cn=$REALM,cn=kerberos,$SUFFIX
|
|
changetype: modify
|
|
add: krbDefaultEncSaltTypes
|
|
krbDefaultEncSaltTypes: aes256-cts:special
|
|
krbDefaultEncSaltTypes: aes128-cts:special
|
|
krbDefaultEncSaltTypes: des3-hmac-sha1:special
|
|
krbDefaultEncSaltTypes: arcfour-hmac:special
|
|
|