[28481] in Source-Commits

kerberos-config commit: Unset allow_weak_crypto

daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Tue Mar 3 13:17:32 2015

Date: Tue, 3 Mar 2015 13:17:25 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
Message-Id: <201503031817.t23IHPKI025697@drugstore.mit.edu>
To: source-commits@mit.edu

https://github.com/mit-athena/kerberos-config/commit/44eb26c20afbdde30fca7718948a8abc608d0824
commit 44eb26c20afbdde30fca7718948a8abc608d0824
Author: Benjamin Kaduk <kaduk@mit.edu>
Date:   Mon Feb 23 10:49:57 2015 -0500

    Unset allow_weak_crypto
    
    * Stop setting allow_weak_crypto; all MIT services are believed to be
      compatible with strong enctypes (Trac: #1308)
    * Modernize CSAIL.MIT.EDU configuration:
      - Remove default_domain, used only for mapping krb4 names to krb5 names
      - Remove krb524_server, since krb4 is long-dead

 debian/changelog                     |   10 ++++++++++
 debian/transform_krb5.conf.debathena |    3 +--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 998fab1..cb6a44b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+debathena-kerberos-config (1.20) unstable; urgency=low
+
+  * Stop setting allow_weak_crypto; all MIT services are believed to be
+    compatible with strong enctypes (Trac: #1308)
+  * Modernize CSAIL.MIT.EDU configuration:
+    - Remove default_domain, used only used for mapping krb4 names to krb5 names
+    - Remove krb524_server, since krb4 is long-dead
+
+ -- Benjamin Kaduk <kaduk@mit.edu>  Mon, 23 Feb 2015 10:49:00 -0500
+
 debathena-kerberos-config (1.19) unstable; urgency=low
 
   * Modernize ATHENA.MIT.EDU configuration:
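
Review bot: The new 1.20 entry has a doubled word in the default_domain bullet ("used only used for"). Change it to "used only for mapping krb4 names to krb5 names" before release, since the debian/changelog text is what ships with the package.
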
diff --git a/debian/transform_krb5.conf.debathena b/debian/transform_krb5.conf.debathena
index caf3f91..ad4bf61 100755
--- a/debian/transform_krb5.conf.debathena
+++ b/debian/transform_krb5.conf.debathena
@@ -1,7 +1,7 @@
 #!/usr/bin/perl -p0
 s/^([ \t]*default_realm *=).*$/\1 ATHENA.MIT.EDU/m or die;
 s/(\[realms\][^[]*\n)[ \t]*CSAIL\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
-s/(\[realms\]\n)/\1\tCSAIL.MIT.EDU = {\n\t\tkdc = kerberos-1.csail.mit.edu\n\t\tkdc = kerberos-2.csail.mit.edu\n\t\tadmin_server = kerberos.csail.mit.edu\n\t\tdefault_domain = csail.mit.edu\n\t\tkrb524_server = krb524.csail.mit.edu\n\t}\n/ or die;
+s/(\[realms\]\n)/\1\tCSAIL.MIT.EDU = {\n\t\tkdc = kerberos-1.csail.mit.edu\n\t\tkdc = kerberos-2.csail.mit.edu\n\t\tadmin_server = kerberos.csail.mit.edu\n\t}\n/ or die;
 s/(\[realms\][^[]*\n)[ \t]*ATHENA\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
 s/(\[realms\]\n)/\1\tATHENA.MIT.EDU = {\n\t\tkdc = kerberos.mit.edu\n\t\tkdc = kerberos-1.mit.edu\n\t\tkdc = kerberos-2.mit.edu\n\t\tadmin_server = kerberos.mit.edu\n\t\tmaster_kdc = kerberos.mit.edu\n\t}\n/ or die;
 s/(\[domain_realm\][^[]*\n)[ \t]*csail\.mit\.edu\s*=[^\n]*\n/\1/;
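
Review bot: The CSAIL.MIT.EDU change on the `+` line (dropping default_domain and krb524_server) is independent of unsetting allow_weak_crypto, so consider splitting it into its own commit. The commit message says services are only "believed to be" compatible with strong enctypes; if one turns out not to be, reverting the crypto change should not also bring back the krb4-era realm settings.
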
@@ -20,4 +20,3 @@ s/(\[domain_realm\][^[]*\n)[ \t]*exchange.mit\.edu\s*=[^\n]*\n/\1/;
 s/(\[domain_realm\]\n)/\1\texchange.mit.edu = EXCHANGE.MIT.EDU\n/ or die;
 s/(\[domain_realm\][^[]*\n)[ \t]*\.exchange.mit\.edu\s*=[^\n]*\n/\1/;
 s/(\[domain_realm\]\n)/\1\t.exchange.mit.edu = EXCHANGE.MIT.EDU\n/ or die;
-s/(\[libdefaults\]\n)/\1\tallow_weak_crypto = true\n/ or die;
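
Review bot: Dropping the substitution that inserted `allow_weak_crypto = true` under [libdefaults] stops this script from adding the setting, but nothing in the visible lines removes one that is already present in the input. The realm and domain_realm entries above each have a substitution that strips any existing entry before the new one is added; if the krb5.conf being transformed can already carry allow_weak_crypto = true, add a matching strip for it (without `or die`, so a file that lacks the setting still passes), otherwise weak enctypes stay enabled on those hosts.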