[OpenAFS] enctypes supported by openafs 1.6.1?
Benjamin Kaduk
kaduk@MIT.EDU
Sun, 12 May 2013 19:35:24 -0400 (EDT)
On Sat, 11 May 2013, Anders Lennartsson wrote:
> What enctypes are actually supported by OpenAFS 1.6.1?
>
> I recently upgraded from 1.4 to 1.6.1 (in Debian Wheezy) by a new
> install. There are several computers: a Heimdal 1.6 kdc, a 1.6.1 afs
> service, and some Linux and Windows 7 clients.
>
> An afs principal with (only) a des-cbc-md5 key works fine with Linux
> clients. But the Heimdal 1.5.1 for Windows refuses to get afs tokens
> based on that.
>
> After replacing afs principal with one having only a des-cbc-crc key
> (and extracting a new KeyFile etc) both Linux and Windows clients work
> fine.
>
> Why is this so?
This is before my time, but I believe that MIT krb5 blacklists des-cbc-md5
due to there once having been a deployed buggy implementation. (I did not
think Heimdal was affected, though.)
des-cbc-crc and des-cbc-md5 keys are usable equivalently by AFS, of
course.
You did not say which version of OpenAFS the windows client runs.
-Ben Kaduk