[OpenAFS] AES Support ?
John Hascall
john@iastate.edu
Wed, 26 Sep 2007 13:45:12 CDT
Marcus Watts sez:
> > Jeffrey Altman
> > > John Hascall wrote:
> > > >> What makes your cell "rxk5" capable is if you have an
> > > >> "afs-k5@YOUR-REALM" service key.
> > > > That seems icky. Why does it have to have a different name?
> > > So that the clients have a way of knowing whether or not the cell
> > > supports the rxk5 protocol.
> > Wouldn't the normal Kerberos enctype negotiation do that?
> > That is, if the client asks for {AES,DES} and if it gets
> > back AES it knows it can use rxk5?
> Equating enctype with protocol seems unwise anyways.
Well isn't that specified in the rx header's security field anyway?
John