So this means that client caching can't be used anymore after DES has been
removed from the KDC?
Regs
Martin
On Thu, 31 Jul 2014 13:48:36 +0000
Brandon Allbery <ballb...@sinenomine.net> wrote:
On Thu, 2014-07-31 at 15:32 +0200, Martin Richter wrote:
for any reason I just missed the three documents.... Thanks a lot!
On Thu, 31 Jul 2014 09:09:11 -0400 (EDT)
Benjamin Kaduk <ka...@mit.edu> wrote:
On Thu, 31 Jul 2014, Martin Richter wrote:
since I wasn't able to find out now is there any
official stantement whether or when more secure
kerberos tickets (like AES) will be supported?
DES isn't the best choice and anything I've found was
dated back years ago.
Are you familiar with the content of
http://openafs.org/pages/security/OPENAFS-SA-2013-003.txt
http://openafs.org/pages/security/install-rxkad-k5-1.6.txt
http://openafs.org/pages/security/how-to-rekey.txt
It should be noted that cache managers still use a DES variant even with
these; the work to fix that is ongoing, as it requires an entire new
protocol above the rx level.
--
brandon s allbery kf8nh sine nomine associates
allber...@gmail.com
ballb...@sinenomine.net
unix openafs kerberos infrastructure xmonad
http://sinenomine.net
:???T???&j)b? b?өzp?J)ߢ?^??좸!??l??b??(???~?+????Y???b?ا~?????~ȧ~
