[OpenAFS] AES Support ?

Jason Edgecombe jason@rampaginggeek.com
Wed, 26 Sep 2007 11:36:58 -0400

Jeffrey Altman wrote:
> John Hascall wrote:
>> Jeffrey Altman
>>> John Hascall wrote:
>>>>>        What makes your cell "rxk5" capable is if you have an
>>>>> "afs-k5@YOUR-REALM" service key.
>>>> That seems icky.  Why does it have to have a different name?
>>> So that the clients have a way of knowing whether or not the cell
>>> supports the rxk5 protocol.
> Not at all.  If you remove the "afs/cell@REALM" key, the client knows
> not to attempt to negotiate rxkad.  If you remove the
> "afs-k5/cell@REALM" key the client knows not to negotiate rxk5.
> If both keys exist, the client will negotiate kxk5 because it will
> search for that one first.
> When rkgk is available, there will be a new service key for that as well.
> Jeffrey Altman
With rkgk and rxk5, will we still have no encryption if the connection 
is unauthenticated?
I just wanted to clarify.