On 1/8/2014 1:11 PM, Jose Manuel dos Santos Calhariz wrote:
> I have a cell of OpenAFS and a kerberos5 realm for tests.  I have done
> the re-keying of afs/celname@REALMNAME as explained in
> 
> http://openafs.org/pages/security/install-rxkad-k5-1.6.txt
> http://openafs.org/pages/security/how-to-rekey.txt
> 
> But I have made some mistake somewhere, because when I test with
> unpatched clients 1.4.x they still authenticate.

The only situations in which older clients would not authenticate are:

 1. the Kerberos v5 KDC is configured to not issue DES session keys.
    The session key is different from the long term AFS service key
    that you replaced.

 2. the client Kerberos contains a bug that results in the client
    core dumping if a service key enctype is used that is not
    recognized by the client.  Such a client would need to be really
    really old.
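
The reply above separates the session key from the long-term AFS service key. As an added example (not part of the original message), the following reports both enctypes for each cached ticket. It assumes the MIT Kerberos `klist -e` output layout; the sample cache listing, cell name and realm are constructed.

```python
# Constructed sample in the MIT Kerberos `klist -e` layout (not from the thread).
SAMPLE_KLIST = (
    "Ticket cache: FILE:/tmp/krb5cc_1000\n"
    "Default principal: user@EXAMPLE.ORG\n"
    "\n"
    "Valid starting       Expires              Service principal\n"
    "01/08/2014 13:00:00  01/08/2014 23:00:00  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG\n"
    "\tEtype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96\n"
    "01/08/2014 13:00:05  01/08/2014 23:00:00  afs/example.org@EXAMPLE.ORG\n"
    "\tEtype (skey, tkt): des-cbc-crc, aes256-cts-hmac-sha1-96\n"
)

ETYPE_LABEL = "Etype (skey, tkt):"


def is_single_des(etype):
    """True for des-cbc-crc / des-cbc-md5 / des-cbc-md4, false for des3-*."""
    # Newer MIT releases may prefix weak enctypes with "DEPRECATED:".
    return etype.split(":")[-1].lower().startswith("des-")


def audit_klist(text):
    """Return one record per ticket: service, session-key and ticket enctypes."""
    findings, service = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith(ETYPE_LABEL) and service:
            skey, tkt = [e.strip() for e in stripped[len(ETYPE_LABEL):].split(",")][:2]
            findings.append({
                "service": service,
                "session_key": skey,            # negotiated per ticket by the KDC
                "service_key": tkt,             # enctype the ticket is encrypted in
                "des_session_key": is_single_des(skey),
                "des_service_key": is_single_des(tkt),
            })
            service = None
            continue
        fields = line.split()
        # Ticket rows start with a date and end with the service principal.
        if len(fields) >= 5 and line[0].isdigit() and "@" in fields[-1]:
            service = fields[-1]
    return findings


if __name__ == "__main__":
    for f in audit_klist(SAMPLE_KLIST):
        print(f["service"], "skey:", f["session_key"], "tkt:", f["service_key"])
```

In the constructed sample the `afs/` ticket is encrypted in an AES service key while its session key is still DES, which is the case an older client can still handle.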


