45 lines
1.2 KiB
C
45 lines
1.2 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Define the string that exports the set of kernel-supported
|
|
* Kerberos enctypes. This list is sent via upcall to gssd, and
|
|
* is also exposed via the nfsd /proc API. The consumers generally
|
|
* treat this as an ordered list, where the first item in the list
|
|
* is the most preferred.
|
|
*/
|
|
|
|
#ifndef _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H
|
|
#define _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H
|
|
|
|
#ifdef CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES
|
|
|
|
/*
|
|
* NB: This list includes encryption types that were deprecated
|
|
* by RFC 8429 (DES3_CBC_SHA1 and ARCFOUR_HMAC).
|
|
*
|
|
* ENCTYPE_AES256_CTS_HMAC_SHA1_96
|
|
* ENCTYPE_AES128_CTS_HMAC_SHA1_96
|
|
* ENCTYPE_DES3_CBC_SHA1
|
|
* ENCTYPE_ARCFOUR_HMAC
|
|
*/
|
|
#define KRB5_SUPPORTED_ENCTYPES "18,17,16,23"
|
|
|
|
#else /* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */
|
|
|
|
/*
|
|
* NB: This list includes encryption types that were deprecated
|
|
* by RFC 8429 and RFC 6649.
|
|
*
|
|
* ENCTYPE_AES256_CTS_HMAC_SHA1_96
|
|
* ENCTYPE_AES128_CTS_HMAC_SHA1_96
|
|
* ENCTYPE_DES3_CBC_SHA1
|
|
* ENCTYPE_ARCFOUR_HMAC
|
|
* ENCTYPE_DES_CBC_MD5
|
|
* ENCTYPE_DES_CBC_CRC
|
|
* ENCTYPE_DES_CBC_MD4
|
|
*/
|
|
#define KRB5_SUPPORTED_ENCTYPES "18,17,16,23,3,1,2"
|
|
|
|
#endif /* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */
|
|
|
|
#endif /* _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H */
|