Displaying 3 results from an estimated 3 matches for "allow_weak_keys".
2014 Dec 22
2
How to disable des and rc4 in the active directory domain controller ?
Hi,
When I run 'samba-tool domain exportkeytab', I found the exported
keytab file include arcfour-hmac-md5, aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, des-cbc-md5, and des-cbc-crc. It seems that
modify /etc/krb5.conf no help.
My DC running with samba 4.1.13, and the server role is active
directory domain controller.
Thanks,
Dongsheng
2014 Dec 28
1
How to disable des and rc4 in the active directory domain controller ?
...arcfour-hmac-md5, aes256-cts-hmac-sha1-96,
>> aes128-cts-hmac-sha1-96, des-cbc-md5, and des-cbc-crc. It seems that
>> modify /etc/krb5.conf no help.
>>
>> My DC running with samba 4.1.13, and the server role is active
>> directory domain controller.
>
> The 'allow_weak_keys = false' option (which is the default) in the
> krb5.conf is the tool for controlling this. Currently this only
> disables DES, and only at runtime, not at the layer the keytab export
> uses.
>
> When we update Heimdal, we will have to be careful, as I checked
> recently and...
2014 Dec 28
0
How to disable des and rc4 in the active directory domain controller ?
...ted
> keytab file include arcfour-hmac-md5, aes256-cts-hmac-sha1-96,
> aes128-cts-hmac-sha1-96, des-cbc-md5, and des-cbc-crc. It seems that
> modify /etc/krb5.conf no help.
>
> My DC running with samba 4.1.13, and the server role is active
> directory domain controller.
The 'allow_weak_keys = false' option (which is the default) in the
krb5.conf is the tool for controlling this. Currently this only
disables DES, and only at runtime, not at the layer the keytab export
uses.
When we update Heimdal, we will have to be careful, as I checked
recently and arcfour-hmac-md5 has been de...