On 7/24/2013 11:10 AM, Benjamin Kaduk wrote:
On Wed, 24 Jul 2013, Douglas E. Engert wrote:
Question: Once the 1.6.5 binaries are in place, and the servers
start using the rxkad.keytab, will the server still accept
existing DES based tokens that use keys and kvno that
are only in the KeyFile?
Yes. In fact, the code path for tokens using keys in the KeyFile (all
single-DES keys, really) is nearly unchanged. Only non-DES enctypes take the
codepath with the new decrypter that knows about
rxkad.keytab.
Your answer implies even if we have a single DES entry in the
rxkad.keytab we also have to have it in the KeyFile.
Is that correct?
I was expecting you to say for single DES, it would first look in the
rkkad.keytab and if the KVNO was not found look in the KeyFile.
-Ben
--
Douglas E. Engert <[email protected]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
