[OpenAFS] AES Support ?

[John Hascall]

Marcus Watts sez:
> > Jeffrey Altman
> > > John Hascall wrote:
> > > >>        What makes your cell "rxk5" capable is if you have an
> > > >> "afs-k5@YOUR-REALM" service key.
> > > > That seems icky.  Why does it have to have a different name?
> > > So that the clients have a way of knowing whether or not the cell
> > > supports the rxk5 protocol.

> > Wouldn't the normal Kerberos enctype negotiation do that?
> > That is, if the client asks for {AES,DES} and if it gets
> > back AES it knows it can use rxk5?

> Equating enctype with protocol seems unwise anyways.

Well isn't that specified in the rx header's security field anyway?

John