[OpenAFS] MIT kerberos 1.8 is released and disabled single DES by default

Russ Allbery rra@stanford.edu
Tue, 02 Mar 2010 16:43:33 -0800


Jason Edgecombe <jason@rampaginggeek.com> writes:

> Since MIT released their kerberos 1.8 software today and it disables
> single DES by default, what steps should we take to educate new users
> about this? Any suggested specfiic documentation changes?

UNIX users shouldn't have to care about this provided that they're running
any version after commits:

    f02ab3339d01bca414fe705f3a990a1db146f29b
    cb4b62a40352ccebae3a299f4327fa70fc7a0c5c

on master and:

    b0b85ad33b49f18ef18af40716bfc110f629068b
    d22e6c08bea7192603e94e751d6e38ae49d04951

on the 1.4 branch.  This will be in 1.4.12.  That fixes aklog and
klog.krb5 to enable DES explicitly if the Kerberos implementation disables
DES by default.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>