[OpenAFS] Re: Moving Magic Trio to another domain
Jukka Tuominen
jukka.tuominen@finndesign.fi
Mon, 23 Sep 2013 23:49:05 +0300 (EEST)
Thanks, I would have missed that!
br, jukka
> On 9/23/2013 3:06 PM, Jukka Tuominen wrote:
>> kadmin.local: ktadd -k /tmp/afs.keytab -norandkey -e des-cbc-crc:normal
>> afs/[server.name]. But that was my earlier attempt (see a few lines
>> below
>> what I did), so it may be different when I follow your suggestions more
>> closely...
>
> Please do not create AFS keys with DES. See Security Vulnerability:
>
> OPENAFS-SA-2013-003
> Brute force DES attack permits compromise of AFS cell
> http://www.openafs.org/pages/security/#OPENAFS-SA-2013-003
>
>
>
>