Sadly, given the MIT implementation porting that API for 1.8 would be
kind of tricky. The bit about whether something is weak is not stored
per-context.
I guess we should discuss on krbdev.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". T
Sam Hartman writes:
> For AS requests it definitely is a security issue.
> For TGS it is less of an issue and may not be an issue at all. The case
> I'm still pondering is the cross-realm case.
> Perhaps we should backport the API from Heimdal.
The API here is:
krb5_enctype_enable(krb5_conte
For AS requests it definitely is a security issue.
For TGS it is less of an issue and may not be an issue at all. The case
I'm still pondering is the cross-realm case.
Perhaps we should backport the API from Heimdal.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with
Sam Hartman writes:
> There's also the issue that it is a fairly security sensitive setting.
> I think that weakening the security defaults like this is something the
> user should at least know about.
> However it's possible we could do something in krb5-config. For
> example, ask about allow_
> "Russ" == Russ Allbery writes:
Russ> Vasilis Vasaitis writes:
>> However, IMHO this is an unsatisfactory solution. Packages should
>> ideally work correctly with their default settings, and therefore
>> having each person that needs openafs-krb5 edit krb5.conf is not
>>
Vasilis Vasaitis writes:
> However, IMHO this is an unsatisfactory solution. Packages should
> ideally work correctly with their default settings, and therefore having
> each person that needs openafs-krb5 edit krb5.conf is not ideal. So I
> was wondering if the maintainers involved have a way
(CC'ing the OpenAFS maintainer too.)
Thanks very much for the information in this bug report and the
NEWS.Debian file; I had encountered this problem too and have now
fixed it by adding the setting mentioned.
However, IMHO this is an unsatisfactory solution. Packages should
ideally work cor
Hi Sam,
On Monday 11 January 2010, Sam Hartman wrote:
> Can I get you to try adding allow_weak_crypto = true to the libdefaults
> sections of /etc/krb5.conf? If that fixes your problem, then this is
> not a bug.
that was the problem. actual bug was in my local apt-listchanges configuration
-- i
Can I get you to try adding allow_weak_crypto = true to the libdefaults
sections of /etc/krb5.conf? If that fixes your problem, then this is
not a bug.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debia
Package: libkrb5-3
Version: 1.7+dfsg-4
Severity: important
Dear krb5 developers,
the update from 1.7+dfsg-4 to 1.8+dfsg~alpha1-1 breaks aklog in
openafs-krb5 1.4.11+dfsg-6. The latter complains about an unknown RPC
failure.
Installed version from system information below is the reinstalled olde
10 matches
Mail list logo