I try to switch from Samba to NFSv4 since it works in jail starting from 14.0-RELEASE, but I want a bit of security. I use the following guide: https://www.freebsdhandbook.com/security#kerberos5
After I installed security/heimdal I noticed, that 2 versions of kadmin exist.
/usr/bin/kadmin
/usr/local/bin/kadmin
When handbook tells to run
It segfaults during init phase
/usr/local/bin/kadmin doesn't crash, but fails to initialize database with
RC4 looks insecure, maybe it was removed from OpenSSL in base?
Since I'm not familiar with Kerberos at all, maybe you can give my some hints how to initialize realm database? Or maybe Kerberos just not plays well with FreeBSD ?
After I installed security/heimdal I noticed, that 2 versions of kadmin exist.
/usr/bin/kadmin
/usr/local/bin/kadmin
When handbook tells to run
kadmin -l
, base verion will be picked by default.It segfaults during init phase
Code:
root@kerberos:/ # kadmin -l
kadmin> init EXAMPLE.COM
Realm max ticket life [unlimited]:
Realm max renewable ticket life [unlimited]:
Segmentation fault (core dumped)
Code:
root@kerberos:/ # /usr/local/bin/kadmin -l
kadmin> init EXAMPLE.COM
Realm max ticket life [unlimited]:
Realm max renewable ticket life [unlimited]:
kadmin: rc4 8: EVP_CipherInit_ex einit
RC4 looks insecure, maybe it was removed from OpenSSL in base?
Since I'm not familiar with Kerberos at all, maybe you can give my some hints how to initialize realm database? Or maybe Kerberos just not plays well with FreeBSD ?