OpenAFS Master Repository branch, openafs-stable-1_8_x, updated. openafs-stable-1_8_5-20-g20cd3ab

Gerrit Code Review
Sun, 26 Jan 2020 06:57:15 -0500

The following commit has been merged in the openafs-stable-1_8_x branch:
commit 20cd3ab424dd8b68d8870582c817c6b190480205
Author: Benjamin Kaduk <>
Date:   Thu Jul 11 21:07:35 2019 -0700

    aklog: require opt-in to enable single-DES in libkrb5
    Since the introduction of rxkad-k5 in response to OPENAFS-SA-2013-003,
    it is not strictly necessary to configure libkrb5 to allow weak crypto
    in order to obtain an AFS token.  A sufficient amount of time has passed
    since then that it is safe to assume that the default behavior is the
    more-secure one, and require opt-in for the insecure behavior.
    To indicate that the use of single-DES is quite risky, add the
    "-insecure_des" argument to both klog and aklog, to gate the
    preexisting calls that enable weak crypto/single-DES.
    These calls, and the -insecure_des option, may be removed entirely
    in a future commit.
    Reviewed-by: Michael Meffie <>
    Reviewed-by: Benjamin Kaduk <>
    Tested-by: Benjamin Kaduk <>
    (cherry picked from commit eaae6eba8ca10ba7a5a20ee0d1b5f91bc2bac6c6)
    Change-Id: I197042e12567fa0fed1b6584e85c3f0a520efa4c
    Tested-by: BuildBot <>
    Reviewed-by: Michael Meffie <>
    Reviewed-by: Cheyenne Wills <>
    Reviewed-by: Stephan Wiesand <>

 doc/man-pages/pod1/aklog.pod     |    9 ++++++-
 doc/man-pages/pod1/klog.krb5.pod |   10 +++++++-
 src/aklog/aklog.c                |   39 ++++++++++++++++++++++++-------------
 src/aklog/klog.c                 |   13 ++++++++---
 4 files changed, 49 insertions(+), 22 deletions(-)

OpenAFS Master Repository