Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changing test keytab to use aes256-cts-hmac-sha1-96 instead of des3-cbc-sha1-kd (#78703) #79874

Merged
merged 1 commit into from
Oct 26, 2021
Merged

Changing test keytab to use aes256-cts-hmac-sha1-96 instead of des3-cbc-sha1-kd (#78703) #79874

merged 1 commit into from
Oct 26, 2021

Conversation

masseyke
Copy link
Member

The des3-cbc-sha1-kd encryption type is deprecated and no longer supported by newer jvm, causing tests
that use the krb5kdc-fixture to fail. This commit changes the encryption type of the test keytab to
aes256-cts-hmac-sha1-96.
Relates #78423 #78703

@masseyke
Changing test keytab to use aes256-cts-hmac-sha1-96 instead of des3-c…
2f0395e 
…bc-sha1-kd (elastic#78703)

The des3-cbc-sha1-kd encryption type is deprecated and no longer supported by newer jvm, causing tests
that use the krb5kdc-fixture to fail. This commit changes the encryption type of the test keytab to
aes256-cts-hmac-sha1-96.
Relates elastic#78423
@masseyke masseyke requested review from jkakavas and removed request for jkakavas October 26, 2021 21:24
jkakavas
jkakavas approved these changes Oct 26, 2021
View reviewed changes
Copy link
Member

@jkakavas jkakavas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I have the strangest feeling that I reviewed this PR recently :/

test/fixtures/krb5kdc-fixture/src/main/resources/provision/krb5.conf.template
@@ -14,9 +14,9 @@
ignore_acceptor_hostname = true
rdns = false
# des3-cbc-sha1-kd is the only enctype available in fips 140-2
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's remove this comment while we;'re at it

@masseyke masseyke merged commit ca97b68 into elastic:7.16 Oct 26, 2021
@masseyke masseyke deleted the fix/update-keytab-encryption-type-7.16 branch October 26, 2021 22:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkakavas jkakavas jkakavas approved these changes

Assignees
No one assigned
Labels
backport v7.16.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@masseyke @jkakavas @danhermann @elasticsearchmachine