On Fri, Jun 17, 2011 at 09:51:30PM +0200, Sergio Gelato wrote: > It is true that you can enable the enctypes for all principals by adding > [libdefaults] > allow_weak_crypto = true > to /etc/heimdal-kdc/kdc.conf, but that's a very blunt tool since only a > few principals still need an exemption from the "no DES" policy. For my > own operations I'll definitely stick with my patch. A more universal > solution would be to make the exception list configurable without > recompiling the KDC, but that has to be balanced against the likely > complexity of such a change.
So for some reason I thought the patch was more involved. So yeah, you can update that through proposed-updates. If it misses the next point release we can also push it through squeeze-updates, I think. It's a bit sad that it's hardcoded but I think it's fair for NFS/AFS, even though we got recent support for better crypto in the kernel. Kind regards, Philipp Kern -- .''`. Philipp Kern Debian Developer : :' : http://philkern.de Stable Release Manager `. `' xmpp:p...@0x539.de Wanna-Build Admin `- finger pkern/k...@db.debian.org
signature.asc
Description: Digital signature