Re: [OpenAFS] OpenAFS 1.6.9 and AES tickets

Brandon Allbery Thu, 31 Jul 2014 06:49:36 -0700

On Thu, 2014-07-31 at 15:32 +0200, Martin Richter wrote:

> for any reason I just missed the three documents.... Thanks a lot!


> On Thu, 31 Jul 2014 09:09:11 -0400 (EDT)
> 
> Benjamin Kaduk <ka...@mit.edu> wrote:
> 
>         On Thu, 31 Jul 2014, Martin Richter wrote:
>         
>                 since I wasn't able to find out now is there any
>                 official stantement whether or when more secure
>                 kerberos tickets (like AES) will be supported?
>                 
>                 DES isn't the best choice and anything I've found was
>                 dated back years ago.
>                 
> 
>         
>         Are you familiar with the content of
>         
>         http://openafs.org/pages/security/OPENAFS-SA-2013-003.txt
>         http://openafs.org/pages/security/install-rxkad-k5-1.6.txt
>         http://openafs.org/pages/security/how-to-rekey.txt

It should be noted that cache managers still use a DES variant even with
these; the work to fix that is ongoing, as it requires an entire new
protocol above the rx level.

-- 
brandon s allbery kf8nh                           sine nomine associates
allber...@gmail.com                              ballb...@sinenomine.net
unix openafs kerberos infrastructure xmonad        http://sinenomine.net
:��T���&j)b�   b�өzpJ)ߢ�^��좸!��l��b��(���~�+����Y���b�ا~�����~ȧ~

Re: [OpenAFS] OpenAFS 1.6.9 and AES tickets

Reply via email to