On Wed, 8 Jan 2014, Jose Manuel dos Santos Calhariz wrote:
I have a cell of OpenAFS and a kerberos5 realm for tests. I have done the
re-keying
of afs/celname@REALMNAME as explained in
http://openafs.org/pages/security/install-rxkad-k5-1.6.txt
http://openafs.org/pages/security/how-to-rekey.txt
But I have made some mistake somewhere, because when I test with unpatched
clients
1.4.x they still authenticate.
Isn't this a feature, not a bug?
The actual on-the-wire crypto is unchanged from the 1.4 era (much earlier,
really); the real security benefit is gained on the server side.
-Ben Kaduk
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
