Garrett Wollman wrote: > > <<On Fri, 14 May 2004 19:45:36 -0400 (EDT), "Sean O'Malley" <[EMAIL PROTECTED]> said: > > > will take at least a year. I would like to dump kerberos IV support > > altogether. I am just wondering about the feasibility of the plan. > > We did not make any transition, but we are running a pure-v5 > environment with no Kerberos-related problems. There are still a few > issues we'd like to get resolved; most importantly, geting kafs to use > a stronger encryption algorithm than single-DES. (afs is the only > principal in our KDC that has a single-DES key and we'd like to get > disable 1DES entirely.) We do run krb524d, in standalone mode, on the > AFS dbservers to support ticket mangling for Unix clients using > `aklog', and we also run gssklogd but plan to stop now that the > current Windows client and KfW support using v5 tickets directly.
Note that AFS 1.3.64 will still only use DES keys. To do otherwise will require some major changes to AFS. 1.3.64 added des-cbc-md5 and des-cbc-md4 to the existing des-cbc-crc as will as allowing ticket large then 344 bytes. > > -GAWollman > > _______________________________________________ > OpenAFS-devel mailing list > [EMAIL PROTECTED] > https://lists.openafs.org/mailman/listinfo/openafs-devel -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
