[Freeipa-devel] [PATCH] 0114 ipa-sam: fix setting encryption type for trust object already created
Alexander Bokovoy
abokovoy at redhat.com
Sat Sep 7 18:01:59 UTC 2013
On Sat, 07 Sep 2013, Simo Sorce wrote:
>On Thu, 2013-09-05 at 17:44 +0300, Alexander Bokovoy wrote:
>> + enctypes = KERB_ENCTYPE_DES_CBC_CRC |
>> + KERB_ENCTYPE_DES_CBC_MD5 |
>> + KERB_ENCTYPE_RC4_HMAC_MD5 |
>> + KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 |
>> + KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96;
>
>Why are we hardcoding support for *DES* enctype, we disable DES by
>default and also Windows never uses it by default.
This is actually a copy of the same statement from
fill_pdb_trusted_domain().
Should I remove it? RC4 enctype will be the only one available for
Windows 2003 trusts then...
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list