On Sat, 11 May 2013, Anders Lennartsson wrote:
What enctypes are actually supported by OpenAFS 1.6.1?
I recently upgraded from 1.4 to 1.6.1 (in Debian Wheezy) by a new
install. There are several computers: a Heimdal 1.6 kdc, a 1.6.1 afs
service, and some Linux and Windows 7 clients.
An afs principal with (only) a des-cbc-md5 key works fine with Linux
clients. But the Heimdal 1.5.1 for Windows refuses to get afs tokens
based on that.
After replacing afs principal with one having only a des-cbc-crc key
(and extracting a new KeyFile etc) both Linux and Windows clients work
fine.
Why is this so?
This is before my time, but I believe that MIT krb5 blacklists des-cbc-md5
due to there once having been a deployed buggy implementation. (I did not
think Heimdal was affected, though.)
des-cbc-crc and des-cbc-md5 keys are usable equivalently by AFS, of
course.
You did not say which version of OpenAFS the windows client runs.
-Ben Kaduk
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
