[OpenAFS-win32-devel] AFS Server on Windows now works - pleasetestnewbuilds

Douglas E. Engert deengert@anl.gov
Fri, 02 Apr 2004 14:50:40 -0600


Jeffrey Altman wrote:
> 
> Douglas E. Engert wrote:
> 
> >>As long as the tickets do not exceed 64K - 256 OpenAFS
> >>will be able to handle them.
> >>
> >
> >But you said:
> >     * Increased the size of the maximum ticket size stored in a token
> >       from 344 bytes to 4096.
> >
> >Are you changing the limits on this too?
> >
> I can increase the limits.  I have not yet done so.  I have not seen an 8k
ticket, but osme one must have, as they rasised the limit. 4096 should work
in most situations unless some AD admin in lots of groups with a big PAC 
uses AFS. 

> 
> >
> >But what I am seeing, is that a W2003 AD may issue a ticket with DES-CBC-MD5,
> >whereas a W2000 AD in the same domain will issue it with DES-CBC-CRC.
> >
> >So if one of these is uses directly, it will not work as the server will not
> >accept the DES-CBC-MD5.
> >
> >(I just put up a krb5-1.3.2 KDC today, and I am seeing something similar
> >with krb524d when the kinit was done against the W2003 AD vs the W2000 AD.
> >I am still looking at this situation. this may be the same problem, as the
> >new krb524d may be retaining the DES-CRC-MD5 for the converted k4 ticket.)

 
> >
> >
> There is an existing ticket for md4/md5 checksum support
> which Love opened several years ago.  I have merged your
> request into that one.
>

Yes it would be the same problem. 
 
> I have fixed the uninitialized variable problem so that
> it does the correct thing and increases the pain level.
> All that needs to be done now is for someone to add the
> md4/md5 support.  It could probably have been done in the
> amount of time it took to write these e-mails and manage
> the RT queue.  :-)

Yes that is the easy part. The hard part is testing, and installing
new AFS server binaries in production.
 

> 
> _______________________________________________
> OpenAFS-Win32-devel mailing list
> OpenAFS-Win32-devel@openafs.org
> http://lists.openafs.org/mailman/listinfo/openafs-win32-devel

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444