[OpenAFS] AES Support ?

John Hascall john@iastate.edu
Thu, 27 Sep 2007 13:32:04 CDT

> John Hascall <john@iastate.edu> writes:
> >   This, to me, seems to be the sort of thing people need to be aware of
> >   for planning purposes.

> You cannot turn off use of DES keys for AFS in your cell without a flag
> day.  You will be able to permit upgraded clients to use stronger
> encryption types without a flag day.

> This is fairly normal for transitions of this sort.  Turning something off
> is almost always a flag day.

The difference here is that somebody else turning something off
can be the trigger.

>                               The same is true of disabling DES keys in
> your Kerberos v5 realm (have you done that yet?).

Surely you jest, we're still struggling to get rid of K4.