[OpenAFS] RHEL6 allow_weak_crypto in client krb5.conf

Jeff Blaine jblaine@kickflop.net
Tue, 22 Nov 2011 15:28:22 -0500

I'm a little confused.  I just had to turn on
allow_weak_crypto in a RHEL6 kerberos client's
/etc/krb5.conf to be able to aklog.

My understanding was that this setting was only
needed on the KDCs, which until now, has been
working fine since we upgraded our KDCs to 1.9.

Is that just because our other clients are (they
are) running sub-1.9 MIT Kerberos so we didn't hit