Issue #2471: Need way to obtain DES keys for older NFS - freeipa - Pagure.io

freeipa

#2471 Need way to obtain DES keys for older NFS

Closed: Fixed None Opened 12 years ago by rcritten.

DES is completely disabled in 2.2 servers. We need a way to be able to generate DES keys at least for older NFS clients and servers.

I tried adding allow_weak_crypto = yes to libdefaults of the IPA server krb5.conf and adding support for the enc type but was still unable to use ipa-getkeytab from a RHEL-5 client.

I added this to LDAP:

dn: cn=$REALM,cn=kerberos,dc=greyoak,dc=com
krbSupportedEncSaltTypes: des-cbc-crc:normal
krbSupportedEncSaltTypes: des-cbc-crc:special
krbDefaultEncSaltTypes: des-cbc-crc:special

dpal commented 12 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=800542

elladeon commented 12 years ago

Added step #6 here:
http://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/kerb-nfs.html

mkosek commented 10 years ago

Rename component.

Metadata Update from @rcritten:
- Issue assigned to elladeon
- Issue set to the milestone: FreeIPA 2.2.0 Documentation

7 years ago

Login to comment on this ticket.

Metadata

Assignee

Tags

None

Blocking

None

Depending on

None

Priority

important

Milestone

FreeIPA 2.2.0 Documentation

cc

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

Documentation

blocking

None

on_review

0

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=800542

tester

None

changelog

None

design

None

Powered by Pagure 5.13.3

Documentation • File an Issue • About • SSH Hostkey/Fingerprint

© Red Hat, Inc. and others.