[OpenAFS] OpenAfs+Kerberos+OSXLion+Finder+Two Realms

Steve Simmons scs@umich.edu
Thu, 22 Sep 2011 10:28:28 -0400

On Sep 22, 2011, at 8:04 AM, Ivan Glushkov wrote:

>> Been getting it every since updating to Lion, but never got around to =
looking into it ?
> I added=20
> allow_weak_crypto =3D true
> in the [libdefaults] part of /etc/krb5.conf and it works for me. I =
have no idea what exactly this means - is my encryption somehow weaker?!

Yes, tho I no longer recall the fine details. If memory serves, there =
are some older encryption types in kerberos which are no longer =
recommended (des3? des?). The code to handle them is still there, but =
the default is not to use or permit them to be used unless =
allow_weak_crypto =3D true.

I've bcc'd this note to someone who can give a better answer.=