Bug#1052962: Use modern key type for MIT Kerberos database master key

To: submit@bugs.debian.org
Subject: Bug#1052962: Use modern key type for MIT Kerberos database master key
From: Guido Berhoerster <guido@berhoerster.name>
Date: Tue, 26 Sep 2023 16:10:42 +0200
Message-id: <[🔎] f1876a9a-dd5d-cfef-43c3-9e404f50160b@berhoerster.name>
Reply-to: Guido Berhoerster <guido@berhoerster.name>, 1052962@bugs.debian.org

Package: debian-edu-config
Version: 2.12.36

Currently Kerberos is configured to use des3-hmac-sha1 key types, the 
setting in /etc/krb5kdc/kdc.conf should probably just be removed so a 
sane default value is used. This probably only needs to be changed for
new installations and it is not woth the effort to change existing 
master keys.  However, it is possible to upgrade them if desired.

See 
https://web.mit.edu/kerberos/krb5-latest/doc/admin/advanced/retiring-des.html#the-database-master-key
for details.

-- 
Guido Berhoerster

Reply to:

Prev by Date: Bug#1052957: debian-edu-fai: FTBFS: dpkg-gencontrol: error: the Depends field contains an arch-specific dependency but the package 'debian-edu-fai' is architecture all
Next by Date: Bug#1052957: marked as done (debian-edu-fai: FTBFS: dpkg-gencontrol: error: the Depends field contains an arch-specific dependency but the package 'debian-edu-fai' is architecture all)
Previous by thread: Processed: Bug#1052957 marked as pending in debian-edu-fai
Next by thread: Processing of debian-edu-fai_2023.09.26.3_source.changes
Index(es):
- Date
- Thread