[OpenAFS] any experiences with OpenAFS client on the upcoming
MacOS 10.10 (yosemite) release?
Benjamin Kaduk
kaduk@MIT.EDU
Wed, 22 Oct 2014 11:33:10 -0400 (EDT)
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
---559023410-654243212-1413991990=:27826
Content-Type: TEXT/PLAIN; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
On Wed, 22 Oct 2014, Jan Posp=C3=AD=C5=A1il wrote:
> Is there a way one can force the default kerberos in Yosemite to
> allow-weak-crypto? Or do I have to install for example the MIT or Heimdal
> kerboeros separately as a workaround before our keys will be upgraded to =
a
> different encryption type (may take rather long time)?
I would strongly suggest that you expend effort on hastening the upgrading
of keys.
http://web.mit.edu/achernya/Public/thesis.pdf describes much of the work
done to support rxkad-k5 for OpenAFS, and has references for the extreme
weakness of single-DES long-term keys. These keys can be cracked in under
a day at a cost of less than 100 USD. I expect you value your data more
highly than that.
-Ben
---559023410-654243212-1413991990=:27826--