On Thu, Sep 22, 2011 at 10:28 AM, Steve Simmons <[email protected]> wrote: > > On Sep 22, 2011, at 8:04 AM, Ivan Glushkov wrote: > >>> >>> Been getting it every since updating to Lion, but never got around to >>> looking into it ? >>> >> >> I added >> >> allow_weak_crypto = true >> >> in the [libdefaults] part of /etc/krb5.conf and it works for me. I have no >> idea what exactly this means - is my encryption somehow weaker?! > > Yes, tho I no longer recall the fine details. If memory serves, there are > some older encryption types in kerberos which are no longer recommended > (des3? des?). The code to handle them is still there, but the default is not > to use or permit them to be used unless allow_weak_crypto = true.
it'd be single des. that liability will be addressed with rxgk but in the meantime, fcrypt relies on a single des key. -- Derrick _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
