[OpenAFS] Done the rekeying of my cell, but unpatched clients
still works
Benjamin Kaduk
kaduk@MIT.EDU
Wed, 8 Jan 2014 13:13:32 -0500 (EST)
On Wed, 8 Jan 2014, Jose Manuel dos Santos Calhariz wrote:
> I have a cell of OpenAFS and a kerberos5 realm for tests. I have done the
> re-keying
> of afs/celname@REALMNAME as explained in
>
> http://openafs.org/pages/security/install-rxkad-k5-1.6.txt
> http://openafs.org/pages/security/how-to-rekey.txt
>
> But I have made some mistake somewhere, because when I test with unpatched
> clients
> 1.4.x they still authenticate.
Isn't this a feature, not a bug?
The actual on-the-wire crypto is unchanged from the 1.4 era (much earlier,
really); the real security benefit is gained on the server side.
-Ben Kaduk