[OpenAFS] ADS and MIT Kerberos transition auth continued

Brandon S. Allbery KF8NH allbery@ece.cmu.edu
Fri, 17 Jul 2009 15:06:36 -0400

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit

On Jul 17, 2009, at 15:01 , Eric Chris Garrison wrote:
> [root@rufus2 etc]# klist -e
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: afs/afstest.iu.edu@ADS.IU.EDU
> Valid starting     Expires            Service principal
> 07/17/09 14:34:44  07/18/09 00:34:44  krbtgt/ADS.IU.EDU@ADS.IU.EDU
>         renew until 07/18/09 14:34:44, Etype (skey, tkt): AES-256 CTS
> mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC

Er?  AES-256 won't work with AFS.

> 07/17/09 14:38:58  07/18/09 00:38:55  afs/afstest.iu.edu@ADS.IU.EDU
>         renew until 07/18/09 14:38:51, Etype (skey, tkt): DES cbc mode
> with CRC-32, DES cbc mode with RSA-MD5

This is what it should look like.

brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH

content-type: application/pgp-signature; x-mac-type=70674453;
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

Version: GnuPG v2.0.10 (Darwin)