[OpenAFS] Done the rekeying of my cell, but unpatched clients
Wed, 8 Jan 2014 13:13:32 -0500 (EST)
On Wed, 8 Jan 2014, Jose Manuel dos Santos Calhariz wrote:
> I have a cell of OpenAFS and a kerberos5 realm for tests. I have done the
> of afs/celname@REALMNAME as explained in
> But I have made some mistake somewhere, because when I test with unpatched
> 1.4.x they still authenticate.
Isn't this a feature, not a bug?
The actual on-the-wire crypto is unchanged from the 1.4 era (much earlier,
really); the real security benefit is gained on the server side.