[30508] in CVS-changelog-for-Kerberos-V5


krb5 commit: Update default krb5kdc mkey manual-entry enctype

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon May 20 20:48:03 2019

Date: Mon, 20 May 2019 20:47:57 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <201905210047.x4L0lvBQ029072@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/512f5cde625253cba1e6f87e037a00ef88178882
commit 512f5cde625253cba1e6f87e037a00ef88178882
Author: Robbie Harwood <rharwood@redhat.com>
Date:   Mon May 20 16:52:57 2019 -0400

    Update default krb5kdc mkey manual-entry enctype
    
    Change from the legacy des-cbc-crc to the default for kdb5_util and
    kadmind, which is currently aes256-cts-hmac-sha1-96.

 doc/admin/admin_commands/krb5kdc.rst |    2 +-
 src/kdc/main.c                       |    2 +-
 src/man/krb5kdc.man                  |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/admin/admin_commands/krb5kdc.rst b/doc/admin/admin_commands/krb5kdc.rst
index 08d40cc..631a0de 100644
--- a/doc/admin/admin_commands/krb5kdc.rst
+++ b/doc/admin/admin_commands/krb5kdc.rst
@@ -41,7 +41,7 @@ LDAP database.
 
 The **-k** *keytype* option specifies the key type of the master key
 to be entered manually as a password when **-m** is given; the default
-is ``des-cbc-crc``.
+is |defmkey|.
 
 The **-M** *mkeyname* option specifies the principal name for the
 master key in the database (usually ``K/M`` in the KDC's realm).
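Review bot: the new line `is |defmkey|.` depends on a substitution that is not defined anywhere in this hunk, so please confirm the doc build defines `|defmkey|` and that it expands to the same value the krb5kdc.man hunk hardcodes (aes256-cts-hmac-sha1-96). It would also help to add a sentence here telling administrators whose master key was typed in under the old `des-cbc-crc` default that they now need to pass **-k** explicitly.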
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 16235d6..be54daf 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -777,7 +777,7 @@ initialize_realms(krb5_context kcontext, int argc, char **argv,
         case 'm':                       /* manual type-in of master key */
             manual = TRUE;
             if (menctype == ENCTYPE_UNKNOWN)
-                menctype = ENCTYPE_DES_CBC_CRC;
+                menctype = DEFAULT_KDC_ENCTYPE;
             break;
         case 'M':                       /* master key name in DB */
             mkey_name = optarg;
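Review bot: in `case 'm'`, the fallback taken when `menctype == ENCTYPE_UNKNOWN` silently changes from ENCTYPE_DES_CBC_CRC to DEFAULT_KDC_ENCTYPE, which is a behaviour change for anyone who starts krb5kdc with -m and no -k against a master key that was created under the old default. The commit message explains the motivation but not the compatibility impact; a short comment at this assignment, or a release-note entry saying that such sites must now give the key type explicitly, would make the change safer to deploy.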
diff --git a/src/man/krb5kdc.man b/src/man/krb5kdc.man
index 062880c..e0cc519 100644
--- a/src/man/krb5kdc.man
+++ b/src/man/krb5kdc.man
@@ -61,7 +61,7 @@ LDAP database.
 .sp
 The \fB\-k\fP \fIkeytype\fP option specifies the key type of the master key
 to be entered manually as a password when \fB\-m\fP is given; the default
-is \fBdes\-cbc\-crc\fP\&.
+is \fBaes256\-cts\-hmac\-sha1\-96\fP\&.
 .sp
 The \fB\-M\fP \fImkeyname\fP option specifies the principal name for the
 master key in the database (usually \fBK/M\fP in the KDC\(aqs realm).
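Review bot: the replacement line hardcodes `aes256\-cts\-hmac\-sha1\-96`, while the .rst hunk uses `|defmkey|` and main.c uses DEFAULT_KDC_ENCTYPE, and the commit message itself says this is only "currently" the default. If the default changes again, this man page will go stale unless it is regenerated from the .rst source, so it is worth confirming that this file is generated output rather than a hand edit.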
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
