04c5798 ipasam: do not use RC4 in FIPS mode

1 file. Authored by abbra 5 years ago, committed by tdudlak 5 years ago.
    ipasam: do not use RC4 in FIPS mode
    
    When creating Kerberos keys for a trusted domain object account, the ipasam
    module requests to generate keys using a series of well-known encryption
    types. In FIPS mode it is not possible to generate an RC4-HMAC key:
    MIT Kerberos is using the OpenSSL crypto backend and OpenSSL does not allow
    use of RC4 in FIPS mode.
    
    Thus, we have to filter out RC4-HMAC encryption type when running in
    FIPS mode. A side-effect is that a trust to Active Directory running
    with Windows Server 2003 will not be possible anymore in FIPS mode.
    
    Resolves: https://pagure.io/freeipa/issue/7659
    Reviewed-By: Robbie Harwood <rharwood@redhat.com>
    
        
file modified
+19 -4
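
The filtering described in the commit message, as an added C example; it is not the ipasam code from this commit, whose diff is not shown on this page. The function names are hypothetical, and treating an unreadable `/proc/sys/crypto/fips_enabled` as "not in FIPS mode" is this example's assumption.

```c
/* Added illustration, not FreeIPA's ipasam code; function names are hypothetical. */
#include <stdio.h>
#include <stddef.h>

/* Kerberos enctype numbers (RFC 3962 for AES, RFC 4757 for RC4-HMAC). */
#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 17
#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 18
#define ENCTYPE_ARCFOUR_HMAC            23

/* Returns 1 if the flag file at `path` starts with '1', 0 if it starts with
 * anything else, -1 if it cannot be read or is empty. On Linux the kernel
 * exposes its FIPS flag at /proc/sys/crypto/fips_enabled. */
int fips_enabled_from(const char *path)
{
    FILE *f = fopen(path, "r");
    int c;
    if (f == NULL)
        return -1;
    c = fgetc(f);
    fclose(f);
    return c == EOF ? -1 : c == '1';
}

/* Copies `in` to `out`, dropping RC4-HMAC when `fips` is non-zero.
 * `out` must have room for `n` entries. Returns the number of entries kept. */
size_t filter_enctypes(const int *in, size_t n, int fips, int *out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        if (fips && in[i] == ENCTYPE_ARCFOUR_HMAC)
            continue;
        out[kept++] = in[i];
    }
    return kept;
}

int main(void)
{
    const int wanted[] = { ENCTYPE_AES256_CTS_HMAC_SHA1_96,
                           ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_ARCFOUR_HMAC };
    int out[3];
    /* Assumption: an unreadable flag file is treated as "not in FIPS mode". */
    int fips = fips_enabled_from("/proc/sys/crypto/fips_enabled") == 1;
    size_t n = filter_enctypes(wanted, 3, fips, out);
    for (size_t i = 0; i < n; i++)
        printf("requesting key for enctype %d\n", out[i]);
    return 0;
}
```

With the FIPS flag set, only the two AES enctypes remain in the request list, which is why a peer that supports only RC4-HMAC can no longer be served.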