[OpenAFS] Heimdal & OpenAFS 1.7.4: Difficult user experience

Jeffrey Altman jaltman@your-file-system.com
Fri, 27 Jan 2012 10:35:11 -0500

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 1/27/2012 7:09 AM, Harald Barth wrote:
>> (2) Instead, could we have the Heimdal installer default
>>     "allow_weak_crypto =3D true" ?
> Strange, didn't Heimdals original code include special treatment of
> ticket enctypes for AFS tokens so that you don't need this to get AFS
> tokens (but you would need it for for example telnet). Has this
> changed or is this different in the Windows version?
> Harald.

OpenAFS does not have native Heimdal support at the moment.  The patches
are sitting on 'master' but have not been pulled up to the
openafs-devel-1_7_x branch.  When these patches are pulled up, aklog and
the netidmgr afs credential provider will not require the
"allow_weak_crypto" line.

I am focused on shaking out bugs and performance issues in the 1.7.x
series.  The native Heimdal support will be pulled up before 1.8.0 is
shipped.  Without native Heimdal support, aklog and NetIDMgr cannot
enable DES just for the request it is about to issue.

Jeffrey Altman

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

Version: GnuPG v1.4.9 (MingW32)