[OpenAFS] (no subject)

Atro Tossavainen openafs@atrotossavainen.fi
Wed, 23 Nov 2011 06:35:45 +0200


An aside...

Simon Wilkinson wrote:

> You need the setting on the KDCs, because otherwise they won't issue any single DES tickets, regardless of the encryption types set for the afs/<cell> principal. But ...
> 
> You also need this setting on all of your clients, because otherwise you won't be able to get any single DES tickets. This has been the case since MIT Kerberos 1.8.

This may be a FAQ, and a stupid question to boot.  In the former case,
I'd appreciate a pointer to the documentation.

If OpenAFS with Kerberos 5 still uses single DES only, how is it
fundamentally better security-wise than using kaserver...?

Best regards,
-- 
Atro Tossavainen