On 2008 Jul 20, at 19:00, Loren M. Lang wrote:
> 1. Currently, there is no support for anything besides DES encryption between the Kerberos 5 servers and OpenAFS, which will make that the weakest link in our network.
> 2. OpenAFS file and/or database servers all use the same KeyFile, which means a root compromise on any single OpenAFS server is equal to compromising the entire cell.

Correct. Both are known issues; there is active work on rxk5 which will address the former, and the latter is on the roadmap.

-- 
brandon s. allbery [solaris,freebsd,perl,pugs,haskell]
system administrator [openafs,heimdal,too many hats]
electrical and computer engineering, carnegie mellon university    KF8NH
