[OpenAFS] AES Support ?

Thu, 27 Sep 2007 11:42:58 -0400

>Correct me if I am wrong, but if there is to be a smooth transition
>then I have to wait until every single afs client worldwide who might
>access our cell has upgraded (and how would I even know this).

Check your KDC logs?  When you stop seeing requests for afs/cell principals,
you can get rid of it.  Or at least track down the losers that haven't
upgraded yet and yell at them.

(If there is a period when you can use both principals for authentication,
I wouldn't classify that as a flag day.  To me a flag day is, "You have to
switch EXACTLY on date X").

--Ken