Re: [OpenAFS] OpenAFS 1.6.9 and AES tickets

[Brandon Allbery]

On Thu, 2014-07-31 at 16:12 +0200, Martin Richter wrote:
> So this means that client caching can't be used anymore after DES has
> been removed from the KDC? 

No; rxkad-kdf derives a DES key from a stronger key. Also clients still
default to no encryption in the cache manager (fs setcrypt). Just
pointing out that (weaker-than-)DES is still used in some places, and
that fixing this is rather more invasive than rxkad-k5 and rxkad-kdf.

-- 
brandon s allbery kf8nh                           sine nomine associates
allber...@gmail.com                              ballb...@sinenomine.net
unix openafs kerberos infrastructure xmonad        http://sinenomine.net
:��T���&j)b�   b�өzpJ)ߢ�^��좸!��l��b��(���~�+����Y���b�ا~�����~ȧ~