[OpenAFS] AES Support ?
John Hascall
john@iastate.edu
Thu, 27 Sep 2007 13:32:04 CDT
> John Hascall <john@iastate.edu> writes:
> > This, to me, seems to be the sort of thing people need to be aware of
> > for planning purposes.
> You cannot turn off use of DES keys for AFS in your cell without a flag
> day. You will be able to permit upgraded clients to use stronger
> encryption types without a flag day.
> This is fairly normal for transitions of this sort. Turning something off
> is almost always a flag day.
The difference here is that somebody else turning something off
can be the trigger.
> The same is true of disabling DES keys in
> your Kerberos v5 realm (have you done that yet?).
Surely you jest, we're still struggling to get rid of K4.
John