From 9baef8fa8f8c277441af6e11746b43ef6089af87 Mon Sep 17 00:00:00 2001 From: "Robbie Harwood (frozencemetery)" Date: Mon, 19 Oct 2015 21:59:53 +0000 Subject: Start using crypto-policies --- krb5.conf | 2 ++ krb5.spec | 7 ++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/krb5.conf b/krb5.conf index a255d02..cf23f53 100644 --- a/krb5.conf +++ b/krb5.conf @@ -1,3 +1,5 @@ +# To opt out of the system crypto-policies configuration of krb5, remove the +# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated. includedir /etc/krb5.conf.d/ [logging] diff --git a/krb5.spec b/krb5.spec index 4227750..c53775c 100644 --- a/krb5.spec +++ b/krb5.spec @@ -43,7 +43,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.14 -Release: 2%{?dist} +Release: 3%{?dist} # - Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar # - The sources below are stored in a lookaside cache. Upload with @@ -450,6 +450,7 @@ install -pm 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/krb5.conf # Default include on this directory mkdir -p $RPM_BUILD_ROOT/etc/krb5.conf.d +ln -sv /etc/crypto-policies/back-ends/krb5.conf $RPM_BUILD_ROOT/etc/krb5.conf.d/crypto-policies # Parent of configuration file for list of loadable GSS mechs ("mechs"). This # location is not relative to sysconfdir, but is hard-coded in g_initialize.c. @@ -796,6 +797,7 @@ exit 0 %dir /etc/gss/mech.d %dir /etc/krb5.conf.d %verify(not md5 size mtime) %config(noreplace) /etc/krb5.conf +%config(noreplace) /etc/krb5.conf.d/crypto-policies /%{_mandir}/man5/.k5identity.5* /%{_mandir}/man5/.k5login.5* /%{_mandir}/man5/k5identity.5* @@ -887,6 +889,9 @@ exit 0 %changelog +* Mon Oct 19 2015 Robbie Harwood - 1.14-beta1-3 +- Start using crypto-policies + * Mon Oct 19 2015 Robbie Harwood - 1.14-beta1-2 - TEMPORARILY disable usage of OFD locks as a workaround for x86 -- cgit