[Freeipa-users] Disable AES256 Encryption
Rob Crittenden
rcritten at redhat.com
Mon Jul 21 16:21:14 UTC 2014
Eldo Joseph wrote:
> Martin,
>
> Application compatible issue, AES256 is not been supported.
So you need a keytab without AES? You can pass the encryption types you
want to ipa-getkeytab using the -e option.
This way you don't need to disable AES system-wide due to one application.
rob
>
> Thanks,
> Eldo
>
> On 21/07/2014 7:15 pm, Martin Kosek <mkosek at redhat.com> wrote:
> On 07/21/2014 03:38 PM, Eldo Joseph wrote:
>> Is it possible to disable AES256 Encryption from IPA, while making
> Kerberos principals...
>>
>> -Eldo-
>
> I think you would need to hand update krbDefaultEncSaltTypes in
> cn=YOUR-REALM,cn=kerberos,SUFFIX (via ldapmodify) to make this working.
>
> Can you share what is the motivation for this change? I see requests to
> rather
> add additional (older) encryption types, not removing the current ones.
>
> Thanks,
> Martin
>
>
More information about the Freeipa-users
mailing list