
linux-announce - Re: [[Linux-announce] ] arcfour keytab issues

linux-announce AT lists.psi.ch

Subject: Linux Mailing List

  • From: "Konrad Bucheli (PSI)" <konrad.bucheli AT psi.ch>
  • To: linux-announce AT lists.psi.ch
  • Cc: Kohler Marco <marco.kohler AT psi.ch>
  • Subject: Re: [[Linux-announce] ] arcfour keytab issues
  • Date: Thu, 30 Nov 2023 13:57:00 +0100

PS: with RHEL9 we will no longer offer arcfour-hmac

On 30.11.23 13:53, Konrad Bucheli (PSI) wrote:
Hi

With Release 8.9 of Red Hat Enterprise Linux, arcfour-hmac was removed from the legacy crypto algorithm set of Kerberos. As this is still used in some keytabs, I brought it back today with an emergency release of our Puppet code.

Nonetheless, please check your keytabs for the crypto algorithms used:

# klist -e -d -K -k /path/to/example.keytab
Keytab name: FILE:/path/to/example.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   5 gac-example AT D.PSI.CH (DEPRECATED:arcfour-hmac) (0xb1223971f9cf567d71680b9b366b3126)
#

and if it is just arcfour-hmac please consider scheduling a replacement. To do so please contact the AD-Team (Marco Kohler).

Please check the date on the security advisory by Microsoft suggesting to disable RC4:
https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2013/2868725

Kind regards
Konrad


--
Paul Scherrer Institut
Konrad Bucheli
Linux Systems Engineer
Core Linux Research Services
Science IT Infrastructure and Services department (AWI)
OBBA/230
Forschungstrasse 111
5232 Villigen PSI
Switzerland

Phone: +41 56 310 27 24
konrad.bucheli AT psi.ch
www.psi.ch
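
Added example, not part of the original message: a shell function that reads `klist -e -k` output and lists the principals whose entries are all arcfour-hmac, which are the keytabs the message asks to have replaced. It assumes the enctype naming shown in the quoted output; the principals and realm in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original message).
# Reads `klist -e -k <keytab>` output on stdin and prints every principal
# whose entries are all arcfour-hmac. Assumes the enctype is the third field,
# as in the output quoted above (no -t timestamps). -K is not needed here, so
# key material stays out of terminals and logs.
rc4_only_principals() {
    awk '
        # Entry lines begin with a numeric KVNO; headers and rulers do not.
        $1 ~ /^[0-9]+$/ && NF >= 3 {
            princ = $2
            etype = $3
            gsub(/[()]/, "", etype)          # strip the surrounding parentheses
            sub(/^DEPRECATED:/, "", etype)   # some krb5 versions prefix deprecated enctypes
            seen[princ] = 1
            if (etype != "arcfour-hmac") other[princ] = 1
        }
        END {
            # A principal with any non-RC4 entry is not reported.
            for (p in seen) if (!(p in other)) print p
        }
    ' | sort
}

# Constructed sample output; principals and realm are made up.
sample_klist_output() {
    cat <<'EOF'
Keytab name: FILE:/path/to/example.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   5 gac-example@EXAMPLE.TEST (DEPRECATED:arcfour-hmac)
   3 svc-web@EXAMPLE.TEST (DEPRECATED:arcfour-hmac)
   4 svc-web@EXAMPLE.TEST (aes256-cts-hmac-sha1-96)
   2 host/node1.example.test@EXAMPLE.TEST (arcfour-hmac)
   7 svc-db@EXAMPLE.TEST (aes128-cts-hmac-sha1-96)
EOF
}

# On a real host: klist -e -k /path/to/example.keytab | rc4_only_principals
sample_klist_output | rc4_only_principals
```

An empty result means every principal in the keytab has at least one non-RC4 key.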


