It might be useful to have a list of all features that should not be used on a master with downlevel slaves. Here's a few that I know of:
- newer enctypes (AES was added in... 1.4 and since then Camellia is the newest) for service keys, particularly krbtgt keys - multiple MKVNOs (I forget when this was added) - n-strikes user principal locking (IIRC that was in 1.8) - extended policies (1.11) There are probably others. I'm guessing PKINIT is a feature you don't want to use in a master with downlevel slaves. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
