packages: heimdal/heimdal-krb5.conf - how to use KCM - aes256 - weak-crypto...
baggins
baggins at pld-linux.org
Thu Oct 21 14:57:47 CEST 2010
Author: baggins Date: Thu Oct 21 12:57:47 2010 GMT
Module: packages Tag: HEAD
---- Log message:
- how to use KCM
- aes256
- weak-crypto clarification
---- Files affected:
packages/heimdal:
heimdal-krb5.conf (1.11 -> 1.12)
---- Diffs:
================================================================
Index: packages/heimdal/heimdal-krb5.conf
diff -u packages/heimdal/heimdal-krb5.conf:1.11 packages/heimdal/heimdal-krb5.conf:1.12
--- packages/heimdal/heimdal-krb5.conf:1.11 Thu Oct 7 17:35:36 2010
+++ packages/heimdal/heimdal-krb5.conf Thu Oct 21 14:57:42 2010
@@ -1,11 +1,12 @@
[libdefaults]
-# default_cc_name = KCM:%{uid}
+# default_cc_type = KCM
+# default_cc_name = FILE:/tmp/krb5cc_%{uid}
ticket_lifetime = 24h
renew_lifetime = 24h
default_realm = MY.REALM
# default_keytab_name = FILE:/etc/krb5.keytab
-# default_etypes = des3-hmac-sha1 arcfour-hmac-md5
-# default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5 des-cbc-md4 arcfour-hmac-md5
+# default_etypes = des3-hmac-sha1 arcfour-hmac-md5 aes256-cts-hmac-sha1-96
+# default_etypes_des = des-cbc-crc des-cbc-md5 des-cbc-md4 des3-hmac-sha1 arcfour-hmac-md5 aes256-cts-hmac-sha1-96
kdc_timesync = 1
clockskew = 300
forwardable = true
@@ -16,7 +17,7 @@
# WARNING!!!
# As of heimdal 1.3 DES is deprecated, that means you MUST uncomment
# the following line if you use any flavor of kerberized NFS on
-# kernels prior to 2.6.35.
+# kernels prior to 2.6.35 and nfs-utils < 1.2.3.
# http://www.h5l.org/blog/index.php/2008/10/des-will-die-in-heimdal/
# allow_weak_crypto = true
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/heimdal/heimdal-krb5.conf?r1=1.11&r2=1.12&f=u
More information about the pld-cvs-commit
mailing list