Skip to content

Changing test keytab to use aes256-cts-hmac-sha1-96 instead of des3-cbc-sha1-kd (#78703) #79874

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 26, 2021
Merged

Changing test keytab to use aes256-cts-hmac-sha1-96 instead of des3-cbc-sha1-kd (#78703) #79874

merged 1 commit into from
Oct 26, 2021

Conversation

@masseyke
Copy link
Member

@masseyke masseyke commented Oct 26, 2021

The des3-cbc-sha1-kd encryption type is deprecated and no longer supported by newer jvm, causing tests
that use the krb5kdc-fixture to fail. This commit changes the encryption type of the test keytab to
aes256-cts-hmac-sha1-96.
Relates #78423 #78703

@masseyke
Changing test keytab to use aes256-cts-hmac-sha1-96 instead of des3-c…
2f0395e 
…bc-sha1-kd (elastic#78703)

The des3-cbc-sha1-kd encryption type is deprecated and no longer supported by newer jvm, causing tests
that use the krb5kdc-fixture to fail. This commit changes the encryption type of the test keytab to
aes256-cts-hmac-sha1-96.
Relates elastic#78423
@masseyke masseyke requested review from jkakavas and removed request for jkakavas October 26, 2021 21:24
jkakavas
jkakavas approved these changes Oct 26, 2021
View reviewed changes
Copy link
Contributor

@jkakavas jkakavas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I have the strangest feeling that I reviewed this PR recently :/

test/fixtures/krb5kdc-fixture/src/main/resources/provision/krb5.conf.template
forwardable = true
ignore_acceptor_hostname = true
rdns = false
# des3-cbc-sha1-kd is the only enctype available in fips 140-2
Copy link
Contributor

@jkakavas jkakavas Oct 26, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's remove this comment while we;'re at it

@masseyke masseyke merged commit ca97b68 into elastic:7.16 Oct 26, 2021
@masseyke masseyke deleted the fix/update-keytab-encryption-type-7.16 branch October 26, 2021 22:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkakavas jkakavas jkakavas approved these changes

Assignees

No one assigned

Labels

backport v7.16.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@masseyke @jkakavas @danhermann @elasticsearchmachine