Skip Menu |
 

From: Georg Sluyterman <georg@sman.dk>
Subject: Documentation__Retiring DES
Date: Thu, 7 Nov 2013 15:00:59 +0100
To: krb5-bugs@mit.edu
http://web.mit.edu/kerberos/krb5-devel/doc/admin/advanced/retiring-des.html

"If there remain legacy services which do not support non-DES enctypes (such as AFS), allow_weak_crypto must remain enabled on the KDC."

This is not true any more (since July 2013). See OpenAFS.org.

--
Regards
Georg Sluyterman
From: tlyu@mit.edu
Subject: git commit

Document that newer AFS supports stronger crypto

Modern OpenAFS releases support using encryption stronger than single
DES with Kerberos. Update the documentation accordingly.

https://github.com/krb5/krb5/commit/9b51ffb0c55a6c4c44501d86eb207acc79403c5c
Author: Tom Yu <tlyu@mit.edu>
Commit: 9b51ffb0c55a6c4c44501d86eb207acc79403c5c
Branch: master
doc/admin/advanced/retiring-des.rst | 31 ++++++++++++++++---------------
1 files changed, 16 insertions(+), 15 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Document that newer AFS supports stronger crypto

Modern OpenAFS releases support using encryption stronger than single
DES with Kerberos. Update the documentation accordingly.

(cherry picked from commit 9b51ffb0c55a6c4c44501d86eb207acc79403c5c)

https://github.com/krb5/krb5/commit/fe19aa61a8193dc8add1d85b13a80ece3b8b3ced
Author: Tom Yu <tlyu@mit.edu>
Commit: fe19aa61a8193dc8add1d85b13a80ece3b8b3ced
Branch: krb5-1.13
doc/admin/advanced/retiring-des.rst | 31 ++++++++++++++++---------------
1 files changed, 16 insertions(+), 15 deletions(-)