[OpenAFS] MIT kerberos 1.8 is released and disabled single DES by default
Russ Allbery
rra@stanford.edu
Tue, 02 Mar 2010 16:43:33 -0800
Jason Edgecombe <jason@rampaginggeek.com> writes:
> Since MIT released their kerberos 1.8 software today and it disables
> single DES by default, what steps should we take to educate new users
> about this? Any suggested specfiic documentation changes?
UNIX users shouldn't have to care about this provided that they're running
any version after commits:
f02ab3339d01bca414fe705f3a990a1db146f29b
cb4b62a40352ccebae3a299f4327fa70fc7a0c5c
on master and:
b0b85ad33b49f18ef18af40716bfc110f629068b
d22e6c08bea7192603e94e751d6e38ae49d04951
on the 1.4 branch. This will be in 1.4.12. That fixes aklog and
klog.krb5 to enable DES explicitly if the Kerberos implementation disables
DES by default.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>