diff options
author | Simo Sorce <simo@redhat.com> | 2015-11-23 13:40:42 -0500 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-01-13 15:24:53 +0100 |
commit | 58ab032f1ae20454d4b9d760c7601fd8b44045f5 (patch) | |
tree | 7183ec913da97adbdc250e89008bc792c855f4f3 /daemons/ipa-slapi-plugins | |
parent | c0133778ae6ea207aa3b184af54fea5803e2ac23 (diff) | |
download | freeipa-58ab032f1ae20454d4b9d760c7601fd8b44045f5.tar.gz freeipa-58ab032f1ae20454d4b9d760c7601fd8b44045f5.tar.xz freeipa-58ab032f1ae20454d4b9d760c7601fd8b44045f5.zip |
Use only AES enctypes by default
Remove des3 and arcfour from the defaults for new installs.
NOTE: the ipasam/dcerpc code sill uses arcfour
Signed-off-by: Simo Sorce <simo@redhat.com>
Ticket: https://fedorahosted.org/freeipa/ticket/4740
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'daemons/ipa-slapi-plugins')
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c | 14 |
1 files changed, 3 insertions, 11 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c index 1a8ef47b0..5dc606d22 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c @@ -55,18 +55,10 @@ extern const char *ipa_realm_dn; extern const char *ipa_etc_config_dn; extern const char *ipa_pwd_config_dn; -/* These are the default enc:salt types if nothing is defined. - * TODO: retrieve the configure set of ecntypes either from the - * kfc.conf file or by synchronizing the file content into - * the directory */ +/* These are the default enc:salt types if nothing is defined in LDAP */ static const char *ipapwd_def_encsalts[] = { - "des3-hmac-sha1:normal", -/* "arcfour-hmac:normal", - "des-hmac-sha1:normal", - "des-cbc-md5:normal", */ - "des-cbc-crc:normal", -/* "des-cbc-crc:v4", - "des-cbc-crc:afs3", */ + "aes256-cts:special", + "aes128-cts:special", NULL }; |