ER: Don't create host keytabs with vulnerable encryption type RC4.
Description
When vasd resets the computer object password, the keytab is written with RC4 encryption, now considered vulnerable. I would like an enhancement to write keytab entries in only the encryption methods listed in vas.conf libdefaults default_etypes.
Resolution
STATUS
Enhancement request number 799858 has been submitted to Development for consideration in a future release of Authentication Services.
Change Request
799858
Additional Information
As long as vas.conf is configured not to use arcfour, QAS shouldn't use it. To confirm this when default_etypes is set to aes, run the following two commands and check that nothing related to arcfour-hmac-md5 is shown:
/opt/quest/bin/vastool kinit -S host/ host/
/opt/quest/bin/vastool klist -v
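To audit the keytab file itself for RC4 keys, which is what this enhancement request is about, the following sketch parses the standard Kerberos keytab file format (version 0x0502) and returns the entries whose enctype is in the arcfour family. It is an added example, not Quest code: it assumes the host keytab uses that format, and the principal, realm and all-zero keys in `SAMPLE` are constructed.

```python
import struct

# Kerberos enctype numbers of the RC4 (arcfour-hmac) family.
WEAK = {23: "arcfour-hmac-md5", 24: "arcfour-hmac-md5-exp"}

def read_counted(buf, p):  # 16-bit big-endian length + bytes -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Return (principal, kvno, enctype) for every live entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:                      # deleted entry ("hole"): skip -size bytes
            pos -= size
            continue
        (ncomp,) = struct.unpack_from(">H", data, pos)
        names, p = [], pos + 2
        for _ in range(ncomp + 1):        # realm first, then the name components
            name, p = read_counted(data, p)
            names.append(name.decode())
        kvno = data[p + 8]                # follows name type (4) and timestamp (4)
        (etype,) = struct.unpack_from(">H", data, p + 9)
        _key, p = read_counted(data, p + 11)  # key bytes are skipped, not inspected
        if pos + size - p >= 4:           # optional 32-bit kvno, used when non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, etype))
        pos += size
    return entries

def weak_entries(data):
    return [e for e in parse_keytab(data) if e[2] in WEAK]

def make_entry(comps, realm, kvno, etype, key):  # builds the constructed sample only
    names = b"".join(struct.pack(">H", len(s)) + s.encode() for s in [realm] + comps)
    tail = struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    body = struct.pack(">H", len(comps)) + names + tail
    return struct.pack(">i", len(body)) + body

# Constructed sample: one AES-256 (18) and one RC4 (23) entry with all-zero keys.
SAMPLE = b"\x05\x02" + b"".join(
    make_entry(["host", "web01.example.com"], "EXAMPLE.COM", 3, e, bytes(n))
    for e, n in [(18, 32), (23, 16)])
```

Pass the raw bytes of the host keytab to `weak_entries`; an empty list means the file holds no RC4 keys.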