Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1690903 - [IDM][Kerberos][RFE]: Ability to set kerberos encryption type during the installation [NEEDINFO]
Summary: [IDM][Kerberos][RFE]: Ability to set kerberos encryption type during the inst...
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.6
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-20 12:54 UTC by Abhinay Reddy Peddireddy
Modified: 2019-04-08 16:29 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
apeddire: needinfo? (ipa-maint)


Attachments (Terms of Use)

Description Abhinay Reddy Peddireddy 2019-03-20 12:54:42 UTC
Description of problem:

Currently, it is not possible to set enc type for kerberos service at the installation step. Which means that we have to modify them afterwards and to reinitialize every keytab, which is painful.

Version-Release number of selected component (if applicable):

RHEL 7.6 

ipa-ipa-server-4.6.4-10.el7_6.3.x86_64

Expected results:

To be able to set kerberos encryption types during the installation

Comment 4 Alexander Bokovoy 2019-03-20 13:56:23 UTC
It is totally unclear what is asked for. What 'kerberos service' means here? Kerberos service principals? Which ones? What else? 

There are already means to supply own snippet overrides for krb5.conf via /etc/krb5.conf.d/. If those installed before deploying IPA, they would effectively be used by KDC and MIT Kerberos library, overriding any other defaults. Finally, in RHEL 8.0 beta there is integration between system-wide crypto policy and MIT Kerberos, which allows enforcement of secure defaults for all applications system-wide.

Unless it is explained in more details what is actually wanted to provide here, this bug will be closed as it makes no sense.


Note You need to log in before you can comment on or make changes to this bug.