From 58ab032f1ae20454d4b9d760c7601fd8b44045f5 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mon, 23 Nov 2015 13:40:42 -0500
Subject: Use only AES enctypes by default

Remove des3 and arcfour from the defaults for new installs.

NOTE: the ipasam/dcerpc code sill uses arcfour

Signed-off-by: Simo Sorce <simo@redhat.com>

Ticket: https://fedorahosted.org/freeipa/ticket/4740
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 install/share/kerberos.ldif | 2 --
 1 file changed, 2 deletions(-)

(limited to 'install')

diff --git a/install/share/kerberos.ldif b/install/share/kerberos.ldif
index 41e77952a..1f556382e 100644
--- a/install/share/kerberos.ldif
+++ b/install/share/kerberos.ldif
@@ -30,8 +30,6 @@ krbMaxTicketLife: 86400
 krbMaxRenewableAge: 604800
 krbDefaultEncSaltTypes: aes256-cts:special
 krbDefaultEncSaltTypes: aes128-cts:special
-krbDefaultEncSaltTypes: des3-hmac-sha1:special
-krbDefaultEncSaltTypes: arcfour-hmac:special
 
 # Default password Policy
 dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
-- 
cgit