#1407 Revert sssd patch for limiting enctypes to keytab
Closed: Fixed None Opened 6 years ago by stefw.

In https://bugzilla.redhat.com/show_bug.cgi?id=811375 we patched sssd to workaround an issue in the kerberos libraries where using a samba3 generated keytab (which doesn't support AES) with a Windows 2008 server (which does support AES).

However this patch caused problems when people configured default_tkt_enctypes manually.

We discussed this on a phone call yesterday:

The decision we've made is that we're going to address this in libkrb5 rather than SSSD. We will backport the fix for krb5 1.11.x into the versions carried in RHEL and Fedora and recommend that other distributions do the same.

For this to work properly, we will revert the patch that Stef originally committed to SSSD.


Fields changed

component: SSSD => Kerberos Provider
milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 4
owner: somebody => stefw
priority: major => blocker

Fixed by aa2c6f4

resolution: => fixed
status: new => closed

Fields changed

design: =>
design_review: => 0
fedora_test_page: =>
review: => 0
rhbz: => 0
selected: =>

Metadata Update from @stefw:
- Issue assigned to stefw
- Issue set to the milestone: SSSD 1.9.0 beta 4

2 years ago

Login to comment on this ticket.

Metadata