[OpenAFS] Heimdal & OpenAFS 1.7.4: Difficult user experience

[Jeffrey Altman]

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigEB939E67813F8FF3FABCA25E
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 1/27/2012 7:09 AM, Harald Barth wrote:
>=20
>> (2) Instead, could we have the Heimdal installer default
>>     "allow_weak_crypto =3D true" ?
>=20
> Strange, didn't Heimdals original code include special treatment of
> ticket enctypes for AFS tokens so that you don't need this to get AFS
> tokens (but you would need it for for example telnet). Has this
> changed or is this different in the Windows version?
>=20
> Harald.

OpenAFS does not have native Heimdal support at the moment.  The patches
are sitting on 'master' but have not been pulled up to the
openafs-devel-1_7_x branch.  When these patches are pulled up, aklog and
the netidmgr afs credential provider will not require the
"allow_weak_crypto" line.

I am focused on shaking out bugs and performance issues in the 1.7.x
series.  The native Heimdal support will be pulled up before 1.8.0 is
shipped.  Without native Heimdal support, aklog and NetIDMgr cannot
enable DES just for the request it is about to issue.

Jeffrey Altman


--------------enigEB939E67813F8FF3FABCA25E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJPIsQvAAoJENxm1CNJffh4bNUH/2Z3gCppzpuXQBCFij9jVFta
qCfoy57mdpyfcygYxsHRy23TC002Ovdcb+Udl+xuxX5xmxnGsKOns5lj9kQ/EjW3
Alj4PZsnUERWXhusxeQEQ5sM7J7MEFWSrwpP2IO7L32C9oLRnpYgYvdVY+cDxA8B
QFwSvZyNlNufvioT32+j7TOLZxdUydyeXLPM4T9u+D+H+1GsyVWpIni6Xw5ViJ1q
rMfMBP0Bld5nQ+2TQIRuZ3XPnhiD+tUd5WV4/VTk88lHnwxm8EDYD0YgvhfIeTLt
KK9UARlrd2DYqME4Pb2Say3PWN8J1lFb1GWLwUzxfRiThC8b+NfZ/MMmuRZlVXY=
=PejN
-----END PGP SIGNATURE-----

--------------enigEB939E67813F8FF3FABCA25E--