Hi,
Since MIT released their kerberos 1.8 software today and it disables
single DES by default, what steps should we take to educate new users
about this? Any suggested specfiic documentation changes?
Thanks,
Jason
Original Message
Subject: krb5-1.8 is released
Date:
On 3 Mar 2010, at 00:28, Jason Edgecombe wrote:
Hi,
Since MIT released their kerberos 1.8 software today and it disables
single DES by default, what steps should we take to educate new
users about this? Any suggested specfiic documentation changes?
We should push people towards 1.4.12, w
Jason Edgecombe writes:
> Since MIT released their kerberos 1.8 software today and it disables
> single DES by default, what steps should we take to educate new users
> about this? Any suggested specfiic documentation changes?
UNIX users shouldn't have to care about this provided that they're ru
Russ Allbery writes:
> That fixes aklog and klog.krb5 to enable DES explicitly if the Kerberos
> implementation disables DES by default.
Oh, it's worth noting that if you build against pre-1.8 and then upgrade
the Kerberos libraries without rebuilding OpenAFS, you won't get the fix
for weak cryp
For heimdal, "afslog" is included in heimdal, and if I did not cheat
myself during testing of 1.3.2rc2, it does not need the krb5.conf
option, but for example heimdals telnet will need
allow_weak_crypto = yes
(Insert rant that I want SSH KeyExchnage in all distros here)
Another thing to keep an
Harald Barth writes:
> For heimdal, "afslog" is included in heimdal, and if I did not cheat
> myself during testing of 1.3.2rc2, it does not need the krb5.conf
> option, but for example heimdals telnet will need
> allow_weak_crypto = yes
> (Insert rant that I want SSH KeyExchnage in all distros