Opened 8 years ago

Closed 8 years ago

#381 closed enhancement (fixed)

Disable allow_weak_crypto on scripts

Reported by: andersk Owned by:
Priority: minor Milestone:
Component: internals Keywords: F19
Cc:

Description

Now that OpenAFS is fixed, none of our servers should need allow_weak_crypto. We should disable it everywhere.

We may need to contact users that use kinit on scripts, which at the time of this writing, is likely to be approximated by

[andersk@whole-enchilada]:~$ ls /tmp/krb5cc_* -l
-rw------- 1 freeculture freeculture 1145 Jul 24 03:17 /tmp/krb5cc_536886288
-rw------- 1 pony        pony         735 Jul 26 18:02 /tmp/krb5cc_536890340
-rw------- 1 afarrell    afarrell     697 Jul 20 18:56 /tmp/krb5cc_537865110
-rw------- 1 gdb         gdb          695 Jul 26 00:00 /tmp/krb5cc_537883327
-rw------- 1 joeyhkim    joeyhkim    1595 Jul 14 00:00 /tmp/krb5cc_538023618
-rw------- 1 ezyang      ezyang      1127 Jul 26 17:59 /tmp/krb5cc_ezyang_extra

Change History (3)

comment:1 Changed 8 years ago by adehnert

  • Resolution set to fixed
  • Status changed from new to closed

Committed to the fc19-dev branch, and deployed to c-w. This seems like a good thing to fix as part of a Fedora upgrade, and we have one coming Real Soon Now. If this seems like a bad idea, tell me / revert the commit (or if you think we should do it sooner). We may want to mention this in the release notes, but I don't think it requires any communication beyond that if we're doing it as part of the F19 upgrade.

comment:2 Changed 8 years ago by adehnert

  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:3 Changed 8 years ago by adehnert

  • Keywords F19 added
  • Resolution set to fixed
  • Status changed from reopened to closed
Note: See TracTickets for help on using tickets.