On Thu, 25 Jul 2013 19:12:11 +0200 Sergio Gelato <[email protected]> wrote:
> I've been poking a bit into this. First of all, let's make sure I > don't misunderstand your expectation here: do you want the KDC to be > willing to issue a ticket with a des-cbc-crc session key (as requested > by old aklog) even though the afs service principal does not have that > enctype? Or are we Heimdal users expected to add that enctype to > afs/cell whenever we rekey? The latter works with the Heimdal KDCs > I've tried (the pre-1.4.0 from Debian squeeze and the pre-1.6 from > Debian wheezy), the former doesn't. Again, thanks for looking into this and raising these questions. Even if you find or develop a fix for the Heimdal KDC, most existing Heimdal KDCs will still have this problem, so how-to-rekey.txt needs some changes. If you could look at <http://gerrit.openafs.org/#change,10110> (the actual diff is currently here: <http://git.openafs.org/?p=openafs-web.git;a=commitdiff;h=b0753e768928cd4a83b4cc340465be406b9f7051>), I'm sure we would appreciate your input on whether you agree with the updated text. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
