Re: allow_weak_crypto = true not needed for wheezy
On Sun, Feb 03, 2013 at 06:24:52PM +0100, Petter Reinholdtsen wrote: [Andreas B. Mundt] Hi, Hi. FYI, it looks as if allow_weak_crypto = true [1] is not needed anymore for wheezy. This is at least the case for debian-lan. What was it needed for in the first place? Kerberized NFSv4 for sure. I think the NFSv4 kernel module should have been rewritten around version 2.6.39 and the long known problem, probably, has been removed. Cheers Giorgio -- Giorgio Pioda - Sysadmin SPSE-Tenero Cell +41 79 629 20 63 Uff. +41 91 735 62 48 -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130204132716.ga10...@macchianera.pioderia.lan
Re: allow_weak_crypto = true not needed for wheezy
Hi, On Sun, Feb 03, 2013 at 06:50:38PM +0100, Andreas B. Mundt wrote: On Sun, Feb 03, 2013 at 06:24:52PM +0100, Petter Reinholdtsen wrote: [Andreas B. Mundt] FYI, it looks as if allow_weak_crypto = true [1] is not needed anymore for wheezy. This is at least the case for debian-lan. Confirmed for debian-edu; thanks for your information. What was it needed for in the first place? Mounting NFSv4 IIRC. Cf. http://bugs.debian.org/657802 I remember debian-edu needed: permitted_enctypes = ... This setting seems still to be required. I'll commit the change to svn. Wolfgang signature.asc Description: Digital signature
Re: allow_weak_crypto = true not needed for wheezy
[Andreas B. Mundt] Hi, Hi. FYI, it looks as if allow_weak_crypto = true [1] is not needed anymore for wheezy. This is at least the case for debian-lan. What was it needed for in the first place? Do you have the commit rights needed to update the source with this change? -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2flfw1d1fa3@diskless.uio.no
Re: allow_weak_crypto = true not needed for wheezy
Hi, On Sun, Feb 03, 2013 at 06:24:52PM +0100, Petter Reinholdtsen wrote: [Andreas B. Mundt] FYI, it looks as if allow_weak_crypto = true [1] is not needed anymore for wheezy. This is at least the case for debian-lan. What was it needed for in the first place? Mounting NFSv4 IIRC. Cf. http://bugs.debian.org/657802 I remember debian-edu needed: permitted_enctypes = ... too, because of pam_sss, which I never used. (http://bugs.debian.org/657802#24) Do you have the commit rights needed to update the source with this change? I would prefer if someone currently running and testing the code would commit it, to make sure it really works in the end also on debian-edu. Best regards, Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130203175038.GA18251@fuzi
allow_weak_crypto = true not needed for wheezy
Hi, FYI, it looks as if allow_weak_crypto = true [1] is not needed anymore for wheezy. This is at least the case for debian-lan. Best regards, Andi [1] c.f. debian-edu-config/share/debian-edu-config/tools/kerberos-kdc-init -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130202084835.GA3813@fuzi