[OpenAFS] kerberos 5 encryption types status

Russ Allbery rra@stanford.edu
Tue, 12 Jan 2010 14:32:44 -0800

Jack Neely <jjneely@pams.ncsu.edu> writes:

> I'm researching upgrading our aging (1.2) Kerberos 5 infrastructure to
> 1.6.  I'm attempting to figure out how the upgrade and new encryption
> types would affect our AFS deployment.  Russ's email from 2007 was
> helpful in this:

>     http://www.openafs.org/pipermail/openafs-info/2007-March/025509.html

> Do the current versions of OpenAFS (1.4.7 and mostly 1.4.11) still only
> support des-cbc-crc for their service principles?  

Yes.  Changing this would likely warrant a 2.0 release of OpenAFS.

> What encryption types are supported with rxk5?

Either rxk5 or rxgk would support any encryption types supported by the
underlying Kerberos implementation.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>