[OpenAFS] ADS and MIT Kerberos transition auth continued
Russ Allbery
rra@stanford.edu
Fri, 17 Jul 2009 12:11:27 -0700
"Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu> writes:
> On Jul 17, 2009, at 15:01 , Eric Chris Garrison wrote:
>> [root@rufus2 etc]# klist -e
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: afs/afstest.iu.edu@ADS.IU.EDU
>>
>> Valid starting Expires Service principal
>> 07/17/09 14:34:44 07/18/09 00:34:44 krbtgt/ADS.IU.EDU@ADS.IU.EDU
>> renew until 07/18/09 14:34:44, Etype (skey, tkt): AES-256 CTS
>> mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
>
> Er? AES-256 won't work with AFS.
Yeah, but that's the TGT. That shouldn't make a difference.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>