From f2a337caaf82fca4a8d7c347454b412ba2b4a0dd Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Dec 19 2022 17:08:02 +0000 Subject: FIPS setup: fix typo filtering camellia encryption The config file /var/kerberos/krb5kdc/kdc.conf is customized during IPA server installation with a list of supported encryption types. In FIPS mode, camellia encryption is not supported and should be filtered out. Because of a typo in the filtering method, the camellia encryptions are appended while they should not. Fix the typo (camelia vs camellia) in order to filter properly. Signed-off-by: Florence Blanc-Renaud Reviewed-By: Alexander Bokovoy --- diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index a5eaa7b..dc77050 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -282,7 +282,7 @@ class KrbInstance(service.Service): if fips_enabled: supported_enctypes = list( - filter(lambda e: not e.startswith('camelia'), + filter(lambda e: not e.startswith('camellia'), SUPPORTED_ENCTYPES)) else: supported_enctypes = SUPPORTED_ENCTYPES