diff options
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c | 14 | ||||
-rw-r--r-- | install/share/kerberos.ldif | 2 |
2 files changed, 3 insertions, 13 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c index 1a8ef47b0..5dc606d22 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c @@ -55,18 +55,10 @@ extern const char *ipa_realm_dn; extern const char *ipa_etc_config_dn; extern const char *ipa_pwd_config_dn; -/* These are the default enc:salt types if nothing is defined. - * TODO: retrieve the configure set of ecntypes either from the - * kfc.conf file or by synchronizing the file content into - * the directory */ +/* These are the default enc:salt types if nothing is defined in LDAP */ static const char *ipapwd_def_encsalts[] = { - "des3-hmac-sha1:normal", -/* "arcfour-hmac:normal", - "des-hmac-sha1:normal", - "des-cbc-md5:normal", */ - "des-cbc-crc:normal", -/* "des-cbc-crc:v4", - "des-cbc-crc:afs3", */ + "aes256-cts:special", + "aes128-cts:special", NULL }; diff --git a/install/share/kerberos.ldif b/install/share/kerberos.ldif index 41e77952a..1f556382e 100644 --- a/install/share/kerberos.ldif +++ b/install/share/kerberos.ldif @@ -30,8 +30,6 @@ krbMaxTicketLife: 86400 krbMaxRenewableAge: 604800 krbDefaultEncSaltTypes: aes256-cts:special krbDefaultEncSaltTypes: aes128-cts:special -krbDefaultEncSaltTypes: des3-hmac-sha1:special -krbDefaultEncSaltTypes: arcfour-hmac:special # Default password Policy dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX |