[OpenAFS] Kerberos 5 encryption types and AFS
Tue, 06 Mar 2007 09:44:40 -0500
We run an AFS cell with a kerberos 5 kdc and still have krb5/kas
authentication in parallel. I'm looking to upgrade the kerberos server
to version 1.6. This works well in my test setup. My question is "how
does adding supporting encryption types interact with AFS and windows?"
Here is part of the kdc.conf
supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
Does adding more encryption types hose AFS or windows? I'd like to start
enabling stronger crypto types so that we have the option of using them
in the future.
What do I need to lookout for with this?
BTW, we're still running krb524d because our aklog still needs it.
What do I need to do on the clients to enable use of the stronger crypto