password_hash: do not generate single DES keys
author Isaac Boukris <iboukris@gmail.com>
Thu, 24 Oct 2019 15:32:37 +0000 (18:32 +0300)
committer Isaac Boukris <iboukris@sn-devel-184>
Tue, 19 Nov 2019 14:48:41 +0000 (14:48 +0000)
commit 982aa328f6502f28cc117e15bf0f936a132ddeca
tree 71c9afe639d17f84ad39954aaf541098545e5faf
parent e8015d8a3485092e12d610e565c8c4ee2be937b6
password_hash: do not generate single DES keys

Per RFC-6649 single DES enctypes should not be used.

MIT has retired single DES encryption types, see:
https://web.mit.edu/kerberos/krb5-1.12/doc/admin/advanced/retiring-des.html

As a workaround, store random keys instead, making the usage of single DES
encryption types virtually impossible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/samdb/ldb_modules/password_hash.c