Marcus Watts wrote: > I'm in the process of adding "configurable crypto support" to k5ssl, > part of rxk5 for openafs. I have the configuration logic working with > all the features listed below, I just have to merge it in with other > changes also in the queue (such as windows support, verifykt, etc...)
"kvno -k keytab" and krb5_server_decrypt_ticket_keytab() have been committed to the MIT Kerberos tree for 1.7. > rc4exp is a degraded version of rc4 has an effective key space of 40 bits, > done by microsoft for export purposes. I don't know if microsoft still > does this, but I believe neither heimdal nor mit support this anymore. > There's certainly no reason to advertise or use this > with openafs. Please do not implement this. Microsoft implemented this in the 90s prior to receiving world-wide export permission for RC4-HMAC. There is no public implementation of this cipher suite. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
