On Fri, 26 Jul 2013 09:45:13 -0500 Andrew Deason <adea...@sinenomine.net> wrote:
> To summarize: in MIT you do not want any DES keys in rxkad.keytab or > in the KDC's db. In Heimdal you do not want any DES keys in > rxkad.keytab, but you must have a DES key in the KDC's db due to how > it selects session keys. (This is for all versions of Heimdal; there > are no version exceptions that I know of, besides a patch that Sergio > is developing.) As someone else brought up with me, the above only applies if you care about supporting old clients. If you control all of the clients and upgrade all of them first, you don't need a DES key in Heimdal, and so you don't need to worry about a lot of this stuff. (This needs to be clarified in how-to-rekey.txt, too...) -- Andrew Deason adea...@sinenomine.net _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
