>>>>> "Russ" == Russ Allbery <r...@debian.org> writes:

Russ> Vasilis Vasaitis <v.vasai...@sms.ed.ac.uk> writes:
>> However, IMHO this is an unsatisfactory solution. Packages should
>> ideally work correctly with their default settings, and therefore
>> having each person that needs openafs-krb5 edit krb5.conf is not
>> ideal. So I was wondering if the maintainers involved have a way
>> in mind to avoid this? A conf.d style solution perhaps? Patching
>> openafs-krb5 so that it specifies the setting programmatically in
>> its code? Something else?

Russ> Unfortunately, MIT Kerberos doesn't support conf.d-style
Russ> krb5.conf files, and I don't believe there's any way to set
Russ> this parameter programmatically rather than in the krb5.conf
Russ> file.

There's also the issue that it is a fairly security sensitive
setting. I think that weakening the security defaults like this is
something the user should at least know about.

However it's possible we could do something in krb5-config. For
example, ask about allow_weak_crypto at priority low normally, but if
we find /usr/bin/aklog ask at priority high.

Would that make things better?

--sam