Add Camellia ciphers to allowed list.

https://fedorahosted.org/freeipa/ticket/3749

3 files changed, 10 insertions, 0 deletions

diff --git a/install/share/kerberos.ldif b/install/share/kerberos.ldif
index 4778a6b4d..41e77952a 100644
--- a/install/share/kerberos.ldif
+++ b/install/share/kerberos.ldif
@@ -22,6 +22,10 @@ krbSupportedEncSaltTypes: des3-hmac-sha1:normal
 krbSupportedEncSaltTypes: des3-hmac-sha1:special
 krbSupportedEncSaltTypes: arcfour-hmac:normal
 krbSupportedEncSaltTypes: arcfour-hmac:special
+krbSupportedEncSaltTypes: camellia128-cts-cmac:normal
+krbSupportedEncSaltTypes: camellia128-cts-cmac:special
+krbSupportedEncSaltTypes: camellia256-cts-cmac:normal
+krbSupportedEncSaltTypes: camellia256-cts-cmac:special
 krbMaxTicketLife: 86400
 krbMaxRenewableAge: 604800
 krbDefaultEncSaltTypes: aes256-cts:special
diff --git a/install/updates/50-krbenctypes.update b/install/updates/50-krbenctypes.update
new file mode 100644
index 000000000..ef419bc44
--- /dev/null
+++ b/install/updates/50-krbenctypes.update
@@ -0,0 +1,5 @@
+dn: cn=$REALM,cn=kerberos,$SUFFIX
+add: krbSupportedEncSaltTypes: camellia128-cts-cmac:normal
+add: krbSupportedEncSaltTypes: camellia128-cts-cmac:special
+add: krbSupportedEncSaltTypes: camellia256-cts-cmac:normal
+add: krbSupportedEncSaltTypes: camellia256-cts-cmac:special
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 5336f62ed..40c3b3c89 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -39,6 +39,7 @@ app_DATA =				\
 	50-lockout-policy.update	\
 	50-groupuuid.update		\
 	50-hbacservice.update		\
+	50-krbenctypes.update		\
 	50-nis.update			\
 	50-ipaconfig.update		\
 	55-pbacmemberof.update		\