Bug 1866695
Summary: | Document the impact of RC4 related changes on direct integration of SSSD to AD | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Filip Hanzelka <fhanzelk> |
Component: | doc-Release_Notes-8-en-US | Assignee: | Lucie Vařáková <lmanasko> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | RHEL DPM <rhel-docs> |
Severity: | unspecified | Docs Contact: | Filip Hanzelka <fhanzelk> |
Priority: | medium | ||
Version: | 8.3 | CC: | arajendr, jvilicic, rhel-docs, sbose |
Target Milestone: | rc | Keywords: | Documentation |
Target Release: | 8.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: |
.SSSD, adcli, and realmd now support the deprecated RC4 cipher suite with a new system-wide cryptographic subpolicy
This update introduces the new `AD-SUPPORT` cryptographic subpolicy that enables the Rivest Cipher 4 (RC4) cipher suite for the following utilities:
* the System Security Services Daemon (SSSD)
* `adcli`
* `realmd`
As an administrator, you can activate the new `AD-SUPPORT` subpolicy when Active Directory (AD) is not configured to use Advanced Encryption Standard (AES) in the following scenarios:
* SSSD is used on a RHEL system connected directly to AD.
* `adcli` is used to join an AD domain or to update host attributes, for example the host key.
* `realmd` is used to join an AD domain.
Red Hat recommends enabling the new subpolicy if one of the following conditions applies:
* The user or service accounts in AD have RC4 encryption keys and lack AES encryption keys.
* The trust links between individual Active Directory domains have RC4 encryption keys and lack AES encryption keys.
To enable the `AD-SUPPORT` subpolicy in addition to the `DEFAULT` cryptographic policy, enter:
[literal]
----
# update-crypto-policies --set DEFAULT:AD-SUPPORT
----
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-08-06 09:56:54 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |