[OpenAFS] AES Support ?

Jeffrey Altman jaltman@secure-endpoints.com
Wed, 26 Sep 2007 09:49:37 -0400


John Hascall wrote:
> Jeffrey Altman
>> John Hascall wrote:
>>>>        What makes your cell "rxk5" capable is if you have an
>>>> "afs-k5@YOUR-REALM" service key.
>>> That seems icky.  Why does it have to have a different name?
> 
>> So that the clients have a way of knowing whether or not the cell
>> supports the rxk5 protocol.

Not at all.  If you remove the "afs/cell@REALM" key, the client knows
not to attempt to negotiate rxkad.  If you remove the
"afs-k5/cell@REALM" key the client knows not to negotiate rxk5.
If both keys exist, the client will negotiate kxk5 because it will
search for that one first.

When rkgk is available, there will be a new service key for that as well.

Jeffrey Altman