1. 21 Jul, 2020 1 commit
  2. 02 Jul, 2020 1 commit
  3. 01 Jul, 2020 2 commits
  4. 30 Jun, 2020 1 commit
  5. 29 Jun, 2020 2 commits
    • Alexander Bokovoy's avatar
      Add AD-SUPPORT policy module · eefa3be3
      Alexander Bokovoy authored
      RC4 cipher is widely used in Active Directory environment.
      
      For all AD environments since Windows Server 2008:
      
       - default encryption type for users and services is still RC4 despite
         allowing to enable AES or future encryption types.
      
       - changing forest- or domain-wide policy to enable AES encryption types
         does not change existing user and services' Kerberos keys. They still
         have only RC4 unless they changed user password or machine account
         password.
      
       - when trust is established between AD domains in the same forest,
         default encryption type for trusted domain object (krbtgt/...) is RC4
         only, unless there is a forest- or domain-wide policy to enable AES
         encryption type is in action.
      
       - removing RC4 from the policy in AD leads to situation that no
         Kerberos ticket can be issued at all.
      
      Add AD-SUPPORT policy module that can be used by administrators to add RC4
      ciphers back to the supported list with
      
         update-crypto-policies --set DEFAULT:AD-SUPPORT
      
      There is no need to enable AD-SUPPORT by default but FreeIPA and Samba
      will benefit from the presence of this policy module and handle
      enablement automatically in case it is needed.
      Signed-off-by: default avatarAlexander Bokovoy <[email protected]>
      eefa3be3
    • Tomas Mraz's avatar
      c4f10048
  6. 25 Jun, 2020 2 commits
  7. 24 Jun, 2020 2 commits
  8. 19 Jun, 2020 1 commit
  9. 17 Jun, 2020 1 commit
    • Alexander Sosedkin's avatar
      Explicitly enable DSA for gnutls · e9559fe0
      Alexander Sosedkin authored
      Since gnutls 3.4.0, DSA is no longer included in NORMAL
      and have to be specified explicitly.
      Otherwise all policies, including LEGACY, have it disabled.
      
      This is very similar to eaabcb7c / MR#62.
      e9559fe0
  10. 10 Jun, 2020 2 commits
  11. 03 Jun, 2020 4 commits
  12. 27 May, 2020 6 commits
  13. 26 May, 2020 5 commits
  14. 15 May, 2020 1 commit
  15. 13 May, 2020 2 commits
  16. 07 May, 2020 1 commit
  17. 12 Mar, 2020 3 commits
  18. 11 Mar, 2020 3 commits