[OpenAFS] AES Support ?
Jason Edgecombe
jason@rampaginggeek.com
Wed, 26 Sep 2007 11:36:58 -0400
Jeffrey Altman wrote:
> John Hascall wrote:
>
>> Jeffrey Altman
>>
>>> John Hascall wrote:
>>>
>>>>> What makes your cell "rxk5" capable is if you have an
>>>>> "afs-k5@YOUR-REALM" service key.
>>>>>
>>>> That seems icky. Why does it have to have a different name?
>>>>
>>> So that the clients have a way of knowing whether or not the cell
>>> supports the rxk5 protocol.
>>>
>
> Not at all. If you remove the "afs/cell@REALM" key, the client knows
> not to attempt to negotiate rxkad. If you remove the
> "afs-k5/cell@REALM" key the client knows not to negotiate rxk5.
> If both keys exist, the client will negotiate kxk5 because it will
> search for that one first.
>
> When rkgk is available, there will be a new service key for that as well.
>
> Jeffrey Altman
>
With rkgk and rxk5, will we still have no encryption if the connection
is unauthenticated?
I just wanted to clarify.
Jason