[OpenAFS] AES Support ?

Christopher D. Clausen cclausen@acm.org
Wed, 26 Sep 2007 08:15:32 -0500

John Hascall <john@iastate.edu> wrote:
>>        What makes your cell "rxk5" capable is if you have an
>> "afs-k5@YOUR-REALM" service key.
> That seems icky.  Why does it have to have a different name?

I suspet that if it had the same name, the enc-types would be confused 
with AES vs. DES in the current clients.  Additionally, using a 
different service principal ensures that only binaries that are setup to 
use the new principal will attempt to do so, allowing for current 
clients and servers to keep working while adding support for rxk5 to 
your cell, one server / client at a time.

I'm assuming that something like afs-k5/cellname@REALM will work, as I 
already have multiple AFS cells using the same Kerberos realm.