[OpenAFS] OpenAFS 1.6.9 and AES tickets
Benjamin Kaduk
kaduk@MIT.EDU
Thu, 31 Jul 2014 11:20:02 -0400 (EDT)
On Thu, 31 Jul 2014, Jeffrey Altman wrote:
> On 7/31/2014 10:18 AM, Brandon Allbery wrote:
>> On Thu, 2014-07-31 at 16:12 +0200, Martin Richter wrote:
>>> So this means that client caching can't be used anymore after DES has
>>> been removed from the KDC?
>>
>> No; rxkad-kdf derives a DES key from a stronger key. Also clients still
>> default to no encryption in the cache manager (fs setcrypt).
>
> This is only true for UNIX cache managers. Windows default to "fs
> setcrypt on".
One might ask why we permit such gratuitous behavior differences across
our platforms.
-Ben