On Thu, 2014-07-31 at 15:32 +0200, Martin Richter wrote: > for any reason I just missed the three documents.... Thanks a lot!
> On Thu, 31 Jul 2014 09:09:11 -0400 (EDT) > > Benjamin Kaduk <ka...@mit.edu> wrote: > > On Thu, 31 Jul 2014, Martin Richter wrote: > > since I wasn't able to find out now is there any > official stantement whether or when more secure > kerberos tickets (like AES) will be supported? > > DES isn't the best choice and anything I've found was > dated back years ago. > > > > Are you familiar with the content of > > http://openafs.org/pages/security/OPENAFS-SA-2013-003.txt > http://openafs.org/pages/security/install-rxkad-k5-1.6.txt > http://openafs.org/pages/security/how-to-rekey.txt It should be noted that cache managers still use a DES variant even with these; the work to fix that is ongoing, as it requires an entire new protocol above the rx level. -- brandon s allbery kf8nh sine nomine associates allber...@gmail.com ballb...@sinenomine.net unix openafs kerberos infrastructure xmonad http://sinenomine.net :�� T���&j)b� b�өzpJ)ߢ�^��좸!��l��b��(���~�+����Y���b�ا~�����~ȧ~