= Proposed Self Contained Change: Crypto policy support for Kerberos = https://fedoraproject.org/wiki/Changes/CryptoPolicyKrb5 Change owner(s): * Nikos Mavrogiannopoulos <nmav AT redhat DOT com> Fedora supports a system wide crypto policy and Kerberos should respect that policy and adjust its crypto-related configuration based on it. == Detailed Description == Fedora supports a system wide crypto policy and Kerberos should respect that policy and adjust its crypto-related configuration based on it. As it is now kerberos' configuration is hard coded and the administrator is responsible for doing any changes to it. In case of software upgrades he's tasked to keep up-to-date the list of ciphers allowed, modify the cryptographic parameters etc. Kerberos following the system-wide crypto policy by default would simplify the tasks of the administrator and reduce errors due to not disabling an insecure cipher or enabling incorrect crypto settings. That way unless the administrator changes the configuration the policies the Kerberos configuration will be kept up to date and will be consistent with the policies followed in other parts of the system. == Scope == Proposal owners: * The kerberos configuration should be able to include an external part generated by the crypto policies package. This is tracked in bugzilla. Other developers: N/A (not a System Wide Change) Release engineering: N/A (not a System Wide Change) List of deliverables: N/A (not a System Wide Change) Policies and guidelines: N/A (not a System Wide Change) Trademark approval: N/A (not needed for this Change) -- Jan Kuřík Platform & Fedora Program Manager Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
