[OpenAFS] AES Support ?
Wed, 26 Sep 2007 11:36:58 -0400
Jeffrey Altman wrote:
> John Hascall wrote:
>> Jeffrey Altman
>>> John Hascall wrote:
>>>>> What makes your cell "rxk5" capable is if you have an
>>>>> "afs-k5@YOUR-REALM" service key.
>>>> That seems icky. Why does it have to have a different name?
>>> So that the clients have a way of knowing whether or not the cell
>>> supports the rxk5 protocol.
> Not at all. If you remove the "afs/cell@REALM" key, the client knows
> not to attempt to negotiate rxkad. If you remove the
> "afs-k5/cell@REALM" key the client knows not to negotiate rxk5.
> If both keys exist, the client will negotiate kxk5 because it will
> search for that one first.
> When rkgk is available, there will be a new service key for that as well.
> Jeffrey Altman
With rkgk and rxk5, will we still have no encryption if the connection
I just wanted to clarify.