Migration Planning Guide
1. Introduction
Expand section "1. Introduction" Collapse section "1. Introduction"
1. 1.1. Red Hat Enterprise Linux 6
2. 1.2. Application Compatibility
2. Installation
Expand section "2. Installation" Collapse section "2. Installation"
1. 2.1. Kernel and Boot Options
2. 2.2. Graphical Installer
  Expand section "2.2. Graphical Installer" Collapse section "2.2. Graphical Installer"
  1. 2.2.1. Devices and Disks
  2. 2.2.2. Kickstart
    
    Expand section "2.2.2. Kickstart" Collapse section "2.2.2. Kickstart"
    
    2.2.2.1. Behavioral Changes
    
    2.2.2.2. Command Changes
    
    2.2.2.3. Packages Changes
    
    2.2.2.4. Script Changes
    
    2.2.2.5. Syntax Changes
    
    2.2.2.6. Summary of Differences
    
    2.2.2.7. pykickstart
  3. 2.2.3. Networking
  4. 2.2.4. Product Subscriptions and Content Updates
3. 2.3. Text-Based Installer
3. Storage and File Systems
Expand section "3. Storage and File Systems" Collapse section "3. Storage and File Systems"
1. 3.1. kdump
2. 3.2. RAID
  Expand section "3.2. RAID" Collapse section "3.2. RAID"
  1. 3.2.1. Upgrades
3. 3.3. ext4
  Expand section "3.3. ext4" Collapse section "3.3. ext4"
  1. 3.3.1. Migration from ext3
  2. 3.3.2. Behavioral changes
4. 3.4. blockdev
5. 3.5. Tape devices
4. Networking and Services
Expand section "4. Networking and Services" Collapse section "4. Networking and Services"
1. 4.1. Interfaces and Configuration
2. 4.2. Service Initialization
  Expand section "4.2. Service Initialization" Collapse section "4.2. Service Initialization"
3. 4.3. IPTables/Firewalls
4. 4.4. Apache HTTP Server
5. 4.5. Samba
6. 4.6. PHP
7. 4.7. BIND
8. 4.8. SNMP
9. 4.9. NTP
10. 4.10. PTP
11. 4.11. Kerberos
12. 4.12. Mail
  Expand section "4.12. Mail" Collapse section "4.12. Mail"
  1. 4.12.1. Sendmail
  2. 4.12.2. Exim
  3. 4.12.3. Dovecot
    
    Expand section "4.12.3. Dovecot" Collapse section "4.12.3. Dovecot"
    
    4.12.3.1. Dovecot configuration
13. 4.13. MySQL®
  Expand section "4.13. MySQL®" Collapse section "4.13. MySQL®"
  1. 4.13.1. DBD Driver
14. 4.14. PostgreSQL
  Expand section "4.14. PostgreSQL" Collapse section "4.14. PostgreSQL"
  1. 4.14.1. Upgrading Databases
  2. 4.14.2. Other Changes
15. 4.15. Squid
16. 4.16. Bluetooth
  Expand section "4.16. Bluetooth" Collapse section "4.16. Bluetooth"
  1. 4.16.1. Bluetooth Service On Demand
17. 4.17. Cron
  Expand section "4.17. Cron" Collapse section "4.17. Cron"
  1. 4.17.1. Vixie cron and Cronie
18. 4.18. Logging
5. Command Line Tools
Expand section "5. Command Line Tools" Collapse section "5. Command Line Tools"
6. System Configuration
Expand section "6. System Configuration" Collapse section "6. System Configuration"
1. 6.1. ACPI
  Expand section "6.1. ACPI" Collapse section "6.1. ACPI"
  1. 6.1.1. CPU hotplug
2. 6.2. Logging
7. Desktop
Expand section "7. Desktop" Collapse section "7. Desktop"
1. 7.1. GDM Configuration
8. Security and Authentication
Expand section "8. Security and Authentication" Collapse section "8. Security and Authentication"
1. 8.1. SELinux
2. 8.2. openCryptoki
3. 8.3. SSSD
4. 8.4. LDAP
  Expand section "8.4. LDAP" Collapse section "8.4. LDAP"
  1. 8.4.1. OpenLDAP
  2. 8.4.2. Converting slapd configuration
5. 8.5. Checksums
6. 8.6. Pluggable Authentication Modules (PAM)
7. 8.7. System Users
8. 8.8. NIST SCAP 1.2 Certification
9. 8.9. Changes to RSA and DSA Key Generation
9. System Monitoring and Kernel
Expand section "9. System Monitoring and Kernel" Collapse section "9. System Monitoring and Kernel"
1. 9.1. dracut
2. 9.2. IP Virtual Server (IPVS)
3. 9.3. Joystick support
4. 9.4. Automatic Bug Reporting Tool (ABRT)
  Expand section "9.4. Automatic Bug Reporting Tool (ABRT)" Collapse section "9.4. Automatic Bug Reporting Tool (ABRT)"
  1. 9.4.1. ABRT Events
10. Package and Driver Changes
Expand section "10. Package and Driver Changes" Collapse section "10. Package and Driver Changes"
1. 10.1. System Configuration Tools Changes
  Expand section "10.1. System Configuration Tools Changes" Collapse section "10.1. System Configuration Tools Changes"
2. 10.2. Bash (Bourne-Again Shell)
  Expand section "10.2. Bash (Bourne-Again Shell)" Collapse section "10.2. Bash (Bourne-Again Shell)"
  1. 10.2.1. Regular Expressions
3. 10.3. Other Package Changes
  Expand section "10.3. Other Package Changes" Collapse section "10.3. Other Package Changes"
4. 10.4. Driver Changes
  Expand section "10.4. Driver Changes" Collapse section "10.4. Driver Changes"
5. 10.5. Library Changes
A. Revision History
Legal Notice

Language:
Español Русский Português 日本語 Italian Deutsch Français 简体中文 English
Format:
Single-page HTML PDF ePub

Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

4.11. Kerberos

In Red Hat Enterprise Linux 6, Kerberos clients and servers (including KDCs) will default to not using keys for the ciphers des-cbc-crc, des-cbc-md4, des-cbc-md5, des-cbc-raw, des3-cbc-raw, des-hmac-sha1, and arcfour-hmac-exp. By default, clients will not be able to authenticate to services which have keys of these types.

Most services can have a new set of keys (including keys for use with stronger ciphers) added to their keytabs and experience no downtime, and the ticket granting service's keys can likewise be updated to a set which includes keys for use with stronger ciphers, using the kadmin cpw -keepold command.

As a temporary workaround, systems that need to continue to use the weaker ciphers require the allow_weak_crypto option in the libdefaults section of the /etc/krb5.conf file. This variable is set to false by default, and authentication will fail without having this option enabled:

[libdefaults]
allow_weak_crypto = yes

Additionally, support for Kerberos IV, both as an available shared library and as a supported authentication mechanism in applications, has been removed. Newly-added support for lockout policies requires a change to the database dump format. Master KDCs which need to dump databases in a format that older KDCs can consume must run kdb5_util's dump command with the -r13 option.