[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2013-0003

Benjamin Kaduk kaduk@MIT.EDU
Wed, 24 Jul 2013 12:10:02 -0400 (EDT)


On Wed, 24 Jul 2013, Douglas E. Engert wrote:

> Question: Once the 1.6.5 binaries are in place, and the servers
> start using the rxkad.keytab, will the server still accept
> existing DES based tokens that use keys and kvno that
> are only in the KeyFile?

Yes.  In fact, the code path for tokens using keys in the KeyFile (all 
single-DES keys, really) is nearly unchanged.  Only non-DES enctypes take 
the codepath with the new decrypter that knows about rxkad.keytab.

-Ben