[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory
2013-0003
Benjamin Kaduk
kaduk@MIT.EDU
Wed, 24 Jul 2013 12:10:02 -0400 (EDT)
On Wed, 24 Jul 2013, Douglas E. Engert wrote:
> Question: Once the 1.6.5 binaries are in place, and the servers
> start using the rxkad.keytab, will the server still accept
> existing DES based tokens that use keys and kvno that
> are only in the KeyFile?
Yes. In fact, the code path for tokens using keys in the KeyFile (all
single-DES keys, really) is nearly unchanged. Only non-DES enctypes take
the codepath with the new decrypter that knows about rxkad.keytab.
-Ben