From e5c9c751e625078fbfb6c15db7085c03762c1c70 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Nov 05 2019 14:45:19 +0000
Subject: Enable AES SHA 256 and 384-bit enctypes in Kerberos


https://pagure.io/freeipa/issue/8110

Reviewed-By: Christian Heimes <cheimes@redhat.com>

---

diff --git a/install/share/kerberos.ldif b/install/share/kerberos.ldif
index b96399e..3b75b44 100644
--- a/install/share/kerberos.ldif
+++ b/install/share/kerberos.ldif
@@ -18,6 +18,10 @@ krbSupportedEncSaltTypes: aes256-cts:normal
 krbSupportedEncSaltTypes: aes256-cts:special
 krbSupportedEncSaltTypes: aes128-cts:normal
 krbSupportedEncSaltTypes: aes128-cts:special
+krbSupportedEncSaltTypes: aes128-sha2:normal
+krbSupportedEncSaltTypes: aes128-sha2:special
+krbSupportedEncSaltTypes: aes256-sha2:normal
+krbSupportedEncSaltTypes: aes256-sha2:special
 ${FIPS}krbSupportedEncSaltTypes: camellia128-cts-cmac:normal
 ${FIPS}krbSupportedEncSaltTypes: camellia128-cts-cmac:special
 ${FIPS}krbSupportedEncSaltTypes: camellia256-cts-cmac:normal
diff --git a/install/updates/50-krbenctypes.update b/install/updates/50-krbenctypes.update
index ef419bc..495a8b5 100644
--- a/install/updates/50-krbenctypes.update
+++ b/install/updates/50-krbenctypes.update
@@ -3,3 +3,7 @@ add: krbSupportedEncSaltTypes: camellia128-cts-cmac:normal
 add: krbSupportedEncSaltTypes: camellia128-cts-cmac:special
 add: krbSupportedEncSaltTypes: camellia256-cts-cmac:normal
 add: krbSupportedEncSaltTypes: camellia256-cts-cmac:special
+add: krbSupportedEncSaltTypes: aes128-sha2:normal
+add: krbSupportedEncSaltTypes: aes128-sha2:special
+add: krbSupportedEncSaltTypes: aes256-sha2:normal
+add: krbSupportedEncSaltTypes: aes256-sha2:special