[OpenAFS] ADS and MIT Kerberos transition auth continued
Eric Chris Garrison
ecgarris@iupui.edu
Thu, 09 Jul 2009 09:45:47 -0400
Jeffrey Altman wrote:
> Garrison, Eric C wrote:
>
>> 07/08/09 14:53:56 07/09/09 00:53:44 afs/afstest.iu.edu@ADS.IU.EDU
>> renew until 07/09/09 14:53:40, Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
>>
>> So what else should I look for in the token being bad in another way?
>
> The answer is right above. AES-256 is not DES-CBC-CRC.

I'm told by our ADS admin that DES3 isn't supported, and DES-CBC-CRC is
somewhat weak by modern standards. How concerned should I be? Is there
another option that's secure and supported in AD?
Thanks,
Chris
--
Eric Chris Garrison | Principal Mass Storage Specialist
ecgarris@iupui.edu | Indiana University - Research Storage
W: 317-278-1207 M: 317-250-8649 | Jabber IM: ecgarris@iupui.edu