From 4f8e4482b316cc5996986bdfae12cc27be27df5e Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Wed, 27 Oct 2010 15:05:56 -0400
Subject: pwd-plugin: Always use a special salt by default.

This should make renamed users able to keep using old credentials as the salt
is not derived from the principal name but is always a random quantity.

https://fedorahosted.org/freeipa/ticket/412
---
 install/share/default-keytypes.ldif | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'install')

diff --git a/install/share/default-keytypes.ldif b/install/share/default-keytypes.ldif
index 8561b98dc..8093b6989 100644
--- a/install/share/default-keytypes.ldif
+++ b/install/share/default-keytypes.ldif
@@ -3,9 +3,13 @@ dn: cn=$REALM,cn=kerberos,$SUFFIX
 changetype: modify
 add: krbSupportedEncSaltTypes
 krbSupportedEncSaltTypes: aes256-cts:normal
+krbSupportedEncSaltTypes: aes256-cts:special
 krbSupportedEncSaltTypes: aes128-cts:normal
+krbSupportedEncSaltTypes: aes128-cts:special
 krbSupportedEncSaltTypes: des3-hmac-sha1:normal
+krbSupportedEncSaltTypes: des3-hmac-sha1:special
 krbSupportedEncSaltTypes: arcfour-hmac:normal
+krbSupportedEncSaltTypes: arcfour-hmac:special
 krbSupportedEncSaltTypes: des-hmac-sha1:normal
 krbSupportedEncSaltTypes: des-cbc-md5:normal
 krbSupportedEncSaltTypes: des-cbc-crc:normal
@@ -22,10 +26,8 @@ krbMaxRenewableAge: 604800
 dn: cn=$REALM,cn=kerberos,$SUFFIX
 changetype: modify
 add: krbDefaultEncSaltTypes
-krbDefaultEncSaltTypes: aes256-cts:normal
-krbDefaultEncSaltTypes: aes128-cts:normal
-krbDefaultEncSaltTypes: des3-hmac-sha1:normal
-krbDefaultEncSaltTypes: arcfour-hmac:normal
-krbDefaultEncSaltTypes: des-hmac-sha1:normal
-krbDefaultEncSaltTypes: des-cbc-md5:normal
+krbDefaultEncSaltTypes: aes256-cts:special
+krbDefaultEncSaltTypes: aes128-cts:special
+krbDefaultEncSaltTypes: des3-hmac-sha1:special
+krbDefaultEncSaltTypes: arcfour-hmac:special
 
-- 
cgit