Whamcloud - gitweb
git://git.whamcloud.com / fs / lustre-release.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 69e67fb) | patch
LU-18256 gss: deprecate insecure enctypes 12/56512/5
authorSebastien Buisson <sbuisson@ddn.com>
Fri, 27 Sep 2024 07:48:44 +0000 (09:48 +0200)
committerOleg Drokin <green@whamcloud.com>
Sun, 24 Nov 2024 06:06:33 +0000 (06:06 +0000)
commitc7cf29768731deee7864c1084ff8b8c6be379867
treefe741cf7f8f89e1af5c6f446a3f7809546c5e12dtree | snapshot
parent69e67fb582f846af45ac608b32be716e435d34e4commit | diff
LU-18256 gss: deprecate insecure enctypes

A number of encryption types declared in the GSS code are deprecated
for security reasons, and should not be used. So remove support for
them in the Lustre code:
- des-cbc-crc
- des-cbc-md4
- des-cbc-md5
- des-cbc-raw
- des-hmac-sha1
- des3-cbc-sha
- des3-cbc-raw
- des3-cbc-sha1
- arcfour-hmac
- arcfour-hmac-exp

Test-Parameters: trivial
Test-Parameters: testgroup=review-dne-selinux-ssk-part-1
Test-Parameters: testgroup=review-dne-selinux-ssk-part-2
Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Ic8dd2470339323be88a416796c8d420ecd2f55e4
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/56512
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
lustre/autoconf/kerberos5.m4 diff | blob | history
lustre/ptlrpc/gss/gss_krb5.h diff | blob | history
lustre/ptlrpc/gss/gss_krb5_mech.c diff | blob | history
lustre/utils/gss/context_lucid.c diff | blob | history
lustre/utils/gss/lgss_utils.h diff | blob | history
Lustre primary development and releases