[OpenAFS] Heimdal & OpenAFS 1.7.4: Difficult user experience
Lars Schimmer
l.schimmer@cgv.tugraz.at
Thu, 26 Jan 2012 20:59:57 +0100
Hi!
First: We did make a wiki page with all the needed software (links),=20
screenshots, values to enter, path,... for our users. In case they want=20
the software, we give them th elink to the wiki page and 99% of users=20
could do it as we has written it down.
But we do use OpenAFS 1.7.4 and still MIT KfW. Not yet needed to change=20
over to Heimdal. Oh, and we provide our own krb5.conf file in our wiki=20
for users to copy into the path (windows admins do know how to work with=20
UAC).
> (1) Is it really true that OpenAFS tells people to download software
> that doesn't work without manually fiddling with configuration
> files? Or did I do something wrong with the install?
No install can suite all users needs. In our case we cannot provide DNS=20
entries for OpenAFS and so default install does not work for us.
On providing installers you must find the most useable configuration.
> (2) Instead, could we have the Heimdal installer default
> "allow_weak_crypto =3D true" ?
Why should it? It should always prefer the more secure system.
> (3) If we're stuck with (1) and can't do (2), would anyone like me to
> write up the installation sequence required on the Wiki? And mayb=
e
> the download page could point to it so poor lusers could find it?
> And maybe for MacOSX too, with also requires
> a manual fiddling with /etc/krb5.conf after installation.
>
> (4) Is there a plan to finally wean AFS servers off des-cbc-crc ?
Already in work, but needs some more work as it needs some protocol=20
changes and a new standard for it.
> Thanks,
> John
MfG,
Lars Schimmer
--=20
-------------------------------------------------------------
TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405 E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723