#1407 Revert sssd patch for limiting enctypes to keytab
Closed: Fixed None Opened 10 years ago by stefw.

In https://bugzilla.redhat.com/show_bug.cgi?id=811375 we patched sssd to workaround an issue in the kerberos libraries where using a samba3 generated keytab (which doesn't support AES) with a Windows 2008 server (which does support AES).

However this patch caused problems when people configured default_tkt_enctypes manually.

We discussed this on a phone call yesterday:

The decision we've made is that we're going to address this in libkrb5 rather than SSSD. We will backport the fix for krb5 1.11.x into the versions carried in RHEL and Fedora and recommend that other distributions do the same.

For this to work properly, we will revert the patch that Stef originally committed to SSSD.

Fields changed

component: SSSD => Kerberos Provider
milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 4
owner: somebody => stefw
priority: major => blocker

Fixed by aa2c6f4

resolution: => fixed
status: new => closed

Fields changed

design: =>
design_review: => 0
fedora_test_page: =>
review: => 0
rhbz: => 0
selected: =>

Metadata Update from @stefw:
- Issue assigned to stefw
- Issue set to the milestone: SSSD 1.9.0 beta 4

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2449

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.