mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
6907a0cef7
When creating Kerberos keys for trusted domain object account, ipasam module requests to generate keys using a series of well-known encryption types. In FIPS mode it is not possible to generate RC4-HMAC key: MIT Kerberos is using openssl crypto backend and openssl does not allow use of RC4 in FIPS mode. Thus, we have to filter out RC4-HMAC encryption type when running in FIPS mode. A side-effect is that a trust to Active Directory running with Windows Server 2003 will not be possible anymore in FIPS mode. Resolves: https://pagure.io/freeipa/issue/7659 Reviewed-By: Robbie Harwood <rharwood@redhat.com>
This is the ipa samba passdb backend.