Bug 1866695 - Document the impact of RC4 related changes on direct integration of SSSD to AD
Summary: Document the impact of RC4 related changes on direct integration of SSSD to AD
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: doc-Release_Notes-8-en-US
Version: 8.3
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: 8.0
Assignee: Lucie Maňásková
QA Contact: RHEL DPM
Filip Hanzelka
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-08-06 07:16 UTC by Filip Hanzelka
Modified: 2020-11-30 17:13 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
.SSSD, adcli, and realmd now support the deprecated RC4 cipher suite with a new system-wide cryptographic subpolicy This update introduces the new `AD-SUPPORT` cryptographic subpolicy that enables the Rivest Cipher 4 (RC4) cipher suite for the following utilities: * the System Security Services Daemon (SSSD) * `adcli` * `realmd` As an administrator, you can activate the new `AD-SUPPORT` subpolicy when Active Directory (AD) is not configured to use Advanced Encryption Standard (AES) in the following scenarios: * SSSD is used on a RHEL system connected directly to AD. * `adcli` is used to join an AD domain or to update host attributes, for example the host key. * `realmd` is used to join an AD domain. Red Hat recommends enabling the new subpolicy if one of the following conditions applies: * The user or service accounts in AD have RC4 encryption keys and lack AES encryption keys. * The trust links between individual Active Directory domains have RC4 encryption keys and lack AES encryption keys. To enable the `AD-SUPPORT` subpolicy in addition to the `DEFAULT` cryptographic policy, enter: [literal] ---- # update-crypto-policies --set DEFAULT:AD-SUPPORT ----
Clone Of:
Environment:
Last Closed: 2020-08-06 09:56:54 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 5502611 0 None None None 2020-10-20 11:00:11 UTC


Note You need to log in before you can comment on or make changes to this bug.