git.samba.org / sfrench / cifs-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge tag 'acpi-5.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael...
[sfrench/cifs-2.6.git] / net / sunrpc / Kconfig
diff --git a/net/sunrpc/Kconfig b/net/sunrpc/Kconfig
index ac09ca8032965bfd4280fb3f6d3410c08cbda243..83f5617bae07eda1cdada10022c541d0b6d2d239 100644 (file)
--- a/net/sunrpc/Kconfig
+++ b/net/sunrpc/Kconfig
@@ -34,6 +34,22 @@ config RPCSEC_GSS_KRB5
 
          If unsure, say Y.
 
+config CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES
+       bool "Secure RPC: Disable insecure Kerberos encryption types"
+       depends on RPCSEC_GSS_KRB5
+       default n
+       help
+         Choose Y here to disable the use of deprecated encryption types
+         with the Kerberos version 5 GSS-API mechanism (RFC 1964). The
+         deprecated encryption types include DES-CBC-MD5, DES-CBC-CRC,
+         and DES-CBC-MD4. These types were deprecated by RFC 6649 because
+         they were found to be insecure.
+
+         N is the default because many sites have deployed KDCs and
+         keytabs that contain only these deprecated encryption types.
+         Choosing Y prevents the use of known-insecure encryption types
+         but might result in compatibility problems.
+
 config SUNRPC_DEBUG
        bool "RPC: Enable dprintk debugging"
        depends on SUNRPC && SYSCTL
Unnamed repository; edit this file 'description' to name the repository.