ER: Don't create host keytabs with vulnerable encryption type RC4.
Description
When vasd resets the computer object password, the keytab is written with RC4 encryption, now considered vulnerable. I would like an enhancement to write keytab entries in only the encryption methods listed in vas.conf libdefaults default_etypes.
Resolution
STATUS
Enhancement request number 799858 has been submitted to Development for consideration in a future release of Authentication Services.
Change Request
799858
Additional Information
As long as vas.conf is configured not to use arcfour, QAS shouldn't use it. To confirm this when default_etypes is set to aes, run the following two commands and check that nothing related to arcfour-hmac-md5 is shown:
/opt/quest/bin/vastool kinit -S host/ host/
/opt/quest/bin/vastool klist -v
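The check described above can be scripted. This is an added example, not Quest's own code: the function names are hypothetical, it assumes vas.conf uses krb5.conf-style "[section]" headers and "key = value" lines, and it matches the RC4 names anywhere in the klist text rather than assuming a particular output layout.

```shell
#!/bin/sh
# Added example: audit helpers for the RC4 check described above.
# Assumption: vas.conf uses "[section]" headers and "key = value" lines.

# Print the value of default_etypes from the [libdefaults] section of FILE.
get_default_etypes() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_sec && /^[ \t]*default_etypes[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Return 0 if default_etypes is set and lists no RC4 type,
# 1 if an RC4 type is listed, 2 if the setting is absent.
check_default_etypes() {
    etypes=$(get_default_etypes "$1")
    [ -n "$etypes" ] || { echo "default_etypes not set in [libdefaults]"; return 2; }
    # Accept space- or comma-separated lists, case-insensitively.
    for e in $(printf '%s' "$etypes" | tr 'A-Z,' 'a-z '); do
        case "$e" in
            arcfour*|rc4*) echo "RC4 enctype allowed: $e"; return 1 ;;
        esac
    done
    echo "no RC4 enctype in default_etypes: $etypes"
}

# Read `vastool klist -v` output on stdin; print matching lines and
# return 1 if any line mentions an RC4 enctype, otherwise return 0.
scan_for_rc4() {
    if grep -i -n -E 'arcfour|rc4'; then return 1; fi
    return 0
}

# Constructed sample (not from a real host): a section that still permits RC4.
sample=$(mktemp)
printf '[libdefaults]\n default_etypes = aes256-cts-hmac-sha1-96 arcfour-hmac-md5\n' > "$sample"
check_default_etypes "$sample" || echo "status $?"
rm -f "$sample"
```

On a host, pipe the output of the klist command above into scan_for_rc4 and treat a non-zero status as a finding.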