On 3 Mar 2010, at 00:28, Jason Edgecombe wrote:
Hi,
Since MIT released their kerberos 1.8 software today and it disables
single DES by default, what steps should we take to educate new
users about this? Any suggested specfiic documentation changes?
We should push people towards 1.4.12, when its released, which will
solve this problem (MIT added a hook to let us selectively enable weak
crypto for aklog, 1.4.12 uses that hook).
Users using older versions of OpenAFS will need to set
"allow_weak_crypto = true" in the libdefaults section of the krb5.conf
on all clients running MIT Kerberos 1.8.
S.
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
