Am Mittwoch, 30. August 2006 11:17 schrieb ext Dirk Heinrichs:
> I've just installed a new cell, using MIT Krb5 1.4.3 and OpenAFS 1.4.1.
> For the afs/cellname principal I have used enctype des-cbc-crc:normal.
> Now I wonder wether this was my only choice or could I just have used
> another (more
I should say some further stuff that might help people for
planning purposes.
The rxk5 openafs service principal name is:
afs-k5/@realm-name
when you create this principal, you tell the kdc what encryption
types are to be supported - you should not list any types your server
binaries canno
Jeffrey Altman writes:
...
>
> rxk5 does not do everything that we wanted rxgk to do but they are
> much further along in the development process than rxgk is at the moment
> and rxk5 provides 90% of what is desired.
rxk5 can also be the basis for doing rxgk -- the basic packet
encryption is very
Actually, rxk5 provides the kernel crypto (using k5ssl, a kerberos5
library implementation by Marcus). In recent versions, it can
apparently do the usermod crypto, too.
It's true we've been working with the (user-mode, native) Linux cache
manager only so far, but theoretically, the only requi
There's also the issue of accessing in-kernel crypto if you want to use
something other than des. I suspect rxk5 will probably work in the linux
cache manager to begin with, and require some help to work on other
platforms.
___
OpenAFS-info mailing list
Rodney M Dyer wrote:
> At 09:57 AM 8/30/2006, Jeffrey Altman wrote:
>> At the moment the requirement is that the service key and the session
>> key be limited to one of the single DES types. DES-CBC-CRC,
>> DES-CBC-MD5, DES-CBC-MD4.
>>
>> In some future we will support stronger encryption types.
>
On Wed, 30 Aug 2006, Rodney M Dyer wrote:
At 09:57 AM 8/30/2006, Jeffrey Altman wrote:
At the moment the requirement is that the service key and the session
key be limited to one of the single DES types. DES-CBC-CRC,
DES-CBC-MD5, DES-CBC-MD4.
In some future we will support stronger encryption
At 09:57 AM 8/30/2006, Jeffrey Altman wrote:
At the moment the requirement is that the service key and the session
key be limited to one of the single DES types. DES-CBC-CRC,
DES-CBC-MD5, DES-CBC-MD4.
In some future we will support stronger encryption types.
Exactly what does this "future" de
Dirk Heinrichs wrote:
> Hi,
>
> I've just installed a new cell, using MIT Krb5 1.4.3 and OpenAFS 1.4.1. For
> the afs/cellname principal I have used enctype des-cbc-crc:normal. Now I
> wonder wether this was my only choice or could I just have used another
> (more secure) enctype? Is there a li
Hi,
I've just installed a new cell, using MIT Krb5 1.4.3 and OpenAFS 1.4.1. For
the afs/cellname principal I have used enctype des-cbc-crc:normal. Now I
wonder wether this was my only choice or could I just have used another
(more secure) enctype? Is there a list of K5 enctypes I can use for AF
10 matches
Mail list logo