[OpenAFS] Re: Heimdal KDC bug mentioned in rekeying document
Andrew Deason
adeason@sinenomine.net
Thu, 25 Jul 2013 17:29:26 -0500
On Thu, 25 Jul 2013 19:12:11 +0200
Sergio Gelato <Sergio.Gelato@astro.su.se> wrote:
> I've been poking a bit into this. First of all, let's make sure I
> don't misunderstand your expectation here: do you want the KDC to be
> willing to issue a ticket with a des-cbc-crc session key (as requested
> by old aklog) even though the afs service principal does not have that
> enctype? Or are we Heimdal users expected to add that enctype to
> afs/cell whenever we rekey? The latter works with the Heimdal KDCs
> I've tried (the pre-1.4.0 from Debian squeeze and the pre-1.6 from
> Debian wheezy), the former doesn't.
Again, thanks for looking into this and raising these questions. Even if
you find or develop a fix for the Heimdal KDC, most existing Heimdal
KDCs will still have this problem, so how-to-rekey.txt needs some
changes. If you could look at <http://gerrit.openafs.org/#change,10110>
(the actual diff is currently here:
<http://git.openafs.org/?p=openafs-web.git;a=commitdiff;h=b0753e768928cd4a83b4cc340465be406b9f7051>),
I'm sure we would appreciate your input on whether you agree with the
updated text.
--
Andrew Deason
adeason@sinenomine.net