On Wed, Oct 22, 2014 at 5:42 AM, Jan Pospíšil <[email protected]> wrote:
> Hello. > > I have just upgraded from 10.9 with installed OpenAFS client 1.6.6 to > 10.10 (without reinstalling the OpenAFS client) and I am not able to get > tokens even with aklog. > > Is there a way one can force the default kerberos in Yosemite to > allow-weak-crypto? Or do I have to install for example the MIT or Heimdal > kerboeros separately as a workaround before our keys will be upgraded to a > different encryption type (may take rather long time)? > You're going to need either a patched Heimdal or an old one; I don't know if that's also true of MIT. But the code needed in MacOS' bundled Heimdal simply isn't there. It's not even compiled in. -- D
