[OpenAFS] any experiences with OpenAFS client on the upcoming MacOS 10.10 (yosemite) release?

Benjamin Kaduk kaduk@MIT.EDU
Wed, 22 Oct 2014 11:33:10 -0400 (EDT)

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Type: TEXT/PLAIN; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE

On Wed, 22 Oct 2014, Jan Posp=C3=AD=C5=A1il wrote:

> Is there a way one can force the default kerberos in Yosemite to
> allow-weak-crypto? Or do I have to install for example the MIT or Heimdal
> kerboeros separately as a workaround before our keys will be upgraded to =
> different encryption type (may take rather long time)?

I would strongly suggest that you expend effort on hastening the upgrading
of keys.

http://web.mit.edu/achernya/Public/thesis.pdf describes much of the work
done to support rxkad-k5 for OpenAFS, and has references for the extreme
weakness of single-DES long-term keys.  These keys can be cracked in under
a day at a cost of less than 100 USD.  I expect you value your data more
highly than that.