Jeffrey Altman wrote:
John Hascall wrote:
Jeffrey Altman
John Hascall wrote:
What makes your cell "rxk5" capable is if you have an
"[EMAIL PROTECTED]" service key.
That seems icky. Why does it have to have a different name?
So that the clients have a way of knowing whether or not the cell
supports the rxk5 protocol.
Not at all. If you remove the "afs/[EMAIL PROTECTED]" key, the client knows
not to attempt to negotiate rxkad. If you remove the
"afs-k5/[EMAIL PROTECTED]" key the client knows not to negotiate rxk5.
If both keys exist, the client will negotiate kxk5 because it will
search for that one first.
When rkgk is available, there will be a new service key for that as well.
Jeffrey Altman
With rkgk and rxk5, will we still have no encryption if the connection
is unauthenticated?
I just wanted to clarify.
Jason
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
