Alexander Bokovoy d38dd2680f
KRB instance: make provision to work with crypto policy without SHA-1 HMAC types ...
RHEL 9 system-wide crypto policies aim at eventual removal of SHA-1 use.
Due to bootstrapping process, force explicitly supported encryption
types in kdc.conf or we may end up with AES128-SHA1 and AES256-SHA2 only
in FIPS mode at bootstrap time which then fails to initialize kadmin
principals requiring use of AES256-SHA2 and AES128-SHA2.
Camellia ciphers must be filtered out in FIPS mode, we do that already
in the kerberos.ldif.
At this point we are not changing the master key encryption type to
AES256-SHA2 because upgrading existing deployments is complicated and
at the time when a replica configuration is deployed, we don't know what
is the encryption type of the master key of the original server as well.
Fixes: https://pagure.io/freeipa/issue/9119
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com >
Reviewed-By: Julien Rische <jrische@redhat.com >
Reviewed-By: Francisco Trivino <ftrivino@redhat.com >
2022-03-08 12:54:47 +01:00
2016-11-16 09:12:07 +01:00
2021-07-09 13:21:00 -04:00
2021-01-21 13:51:45 +01:00
2015-02-20 15:40:42 +01:00
2013-11-18 16:54:21 +01:00
2013-11-18 16:54:21 +01:00
2021-07-09 09:47:30 -04:00
2021-04-19 17:14:23 +02:00
2021-07-09 09:47:30 -04:00
2016-06-15 07:13:38 +02:00
2021-07-09 09:47:30 -04:00
2016-10-11 16:48:47 +02:00
2014-10-21 12:23:03 +02:00
2019-11-21 11:13:12 -05:00
2013-11-18 16:54:21 +01:00
2016-06-23 09:48:06 +02:00
2014-07-30 16:04:21 +02:00
2014-07-01 13:57:06 +02:00
2015-01-21 09:20:15 +01:00
2015-10-15 14:24:33 +02:00
2016-05-06 07:12:01 +02:00
2015-05-26 11:59:47 +00:00
2019-07-17 17:50:07 +03:00
2017-02-15 07:13:37 +01:00
2011-08-31 09:49:43 +02:00
2020-06-10 16:07:07 +02:00
2021-05-25 10:45:49 +03:00
2020-06-10 16:07:07 +02:00
2021-06-15 14:13:16 +03:00
2020-08-31 09:42:31 +03:00
2020-08-31 09:42:31 +03:00
2021-07-09 09:47:30 -04:00
2016-12-09 15:47:13 +01:00
2017-03-01 12:46:50 +01:00
2021-06-16 10:28:17 -04:00
2019-11-11 09:31:14 +01:00
2019-01-15 14:29:22 -05:00
2013-03-11 17:07:07 +01:00
2014-09-30 10:42:06 +02:00
2016-06-03 15:58:21 +02:00
2021-07-09 09:47:30 -04:00
2020-03-16 13:04:17 +01:00
2014-10-21 12:23:03 +02:00
2015-05-26 11:59:47 +00:00
2021-01-13 21:31:31 +02:00
2010-11-22 12:42:16 -05:00
2011-01-28 13:58:43 -05:00
2019-09-10 12:33:21 +03:00
2017-02-15 07:13:37 +01:00
2021-06-12 11:19:25 +03:00
2011-09-12 16:28:27 -04:00
2018-02-09 08:28:11 +01:00
2017-11-21 16:13:28 +01:00
2021-04-07 11:43:23 +03:00
2022-01-31 18:14:22 -05:00
2020-12-02 14:05:36 +02:00
2021-04-07 11:43:23 +03:00
2020-06-23 09:20:24 +02:00
2022-01-14 17:24:58 +01:00
2019-04-10 13:43:23 +02:00
2017-05-19 12:31:24 +02:00
2010-11-18 15:09:36 -05:00
2010-11-18 15:09:36 -05:00
2022-03-08 12:54:47 +01:00
2015-06-24 10:43:58 +02:00
2015-06-24 10:43:58 +02:00
2015-06-24 10:43:58 +02:00
2017-04-12 13:05:23 +02:00
2022-03-08 12:54:47 +01:00
2021-09-15 10:16:54 +02:00
2012-09-19 20:47:12 -04:00
2009-02-03 15:27:14 -05:00
2009-02-03 15:27:14 -05:00
2020-09-24 17:03:00 +02:00
2021-07-09 09:47:30 -04:00
2011-09-12 16:28:27 -04:00
2015-05-26 11:59:47 +00:00
2021-07-09 09:47:30 -04:00
2011-04-22 11:43:50 +02:00
2017-02-15 07:13:37 +01:00
2016-06-23 09:48:06 +02:00
2016-01-11 09:45:54 +01:00
2012-11-21 14:55:12 +01:00
2020-03-12 21:48:25 +01:00
2015-05-19 12:50:56 +00:00
2021-02-15 09:57:07 +02:00
2021-02-15 09:57:07 +02:00
2021-02-15 09:57:07 +02:00
2021-02-15 09:57:07 +02:00
2021-02-15 09:57:07 +02:00
2019-05-24 12:42:51 +02:00
2014-09-12 17:42:08 +02:00
2020-05-04 20:49:23 +02:00
2011-08-31 09:49:43 +02:00
2017-10-19 17:48:58 +03:00
2011-09-12 16:28:27 -04:00
2013-06-27 17:06:51 +02:00
2013-09-10 09:49:43 +02:00
2012-06-07 09:39:09 +02:00
2021-11-10 15:00:27 -05:00
2020-07-30 11:38:25 +02:00
2011-02-23 15:32:24 -05:00
2015-12-04 12:59:21 +01:00
2015-05-19 12:45:41 +00:00
2011-09-12 16:28:27 -04:00
2014-10-21 12:23:03 +02:00
2015-09-17 14:55:54 +02:00
2021-04-07 11:43:23 +03:00
d38dd2680f