Opened 11 years ago
Closed 11 years ago
#381 closed enhancement (fixed)
Disable allow_weak_crypto on scripts
| Reported by: | andersk | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | internals | Keywords: | F19 |
| Cc: |
Description
Now that OpenAFS is fixed, none of our servers should need allow_weak_crypto. We should disable it everywhere.
We may need to contact users that use kinit on scripts, which at the time of this writing, is likely to be approximated by
[andersk@whole-enchilada]:~$ ls /tmp/krb5cc_* -l -rw------- 1 freeculture freeculture 1145 Jul 24 03:17 /tmp/krb5cc_536886288 -rw------- 1 pony pony 735 Jul 26 18:02 /tmp/krb5cc_536890340 -rw------- 1 afarrell afarrell 697 Jul 20 18:56 /tmp/krb5cc_537865110 -rw------- 1 gdb gdb 695 Jul 26 00:00 /tmp/krb5cc_537883327 -rw------- 1 joeyhkim joeyhkim 1595 Jul 14 00:00 /tmp/krb5cc_538023618 -rw------- 1 ezyang ezyang 1127 Jul 26 17:59 /tmp/krb5cc_ezyang_extra
Change History (3)
comment:1 Changed 11 years ago by adehnert
- Resolution set to fixed
- Status changed from new to closed
comment:2 Changed 11 years ago by adehnert
- Resolution fixed deleted
- Status changed from closed to reopened
comment:3 Changed 11 years ago by adehnert
- Keywords F19 added
- Resolution set to fixed
- Status changed from reopened to closed
Note: See
TracTickets for help on using
tickets.
Committed to the fc19-dev branch, and deployed to c-w. This seems like a good thing to fix as part of a Fedora upgrade, and we have one coming Real Soon Now. If this seems like a bad idea, tell me / revert the commit (or if you think we should do it sooner). We may want to mention this in the release notes, but I don't think it requires any communication beyond that if we're doing it as part of the F19 upgrade.