krb5-1.8-beta2 is available
Marcus Watts
mdw at umich.edu
Fri Feb 26 12:17:55 EST 2010
Tom Yu <tlyu at mit.edu> writes:
...
> have a final release early next week. We would appreciate feedback on
> documentation, particularly about the DES transition and
> "allow_weak_crypto".
...
The README file says
> variable that enables "weak" enctypes, which now defaults to "false"
> beginning with krb5-1.8. The krb5-1.8 release includes additional
> measures to ease the transition away from single-DES.
The README doesn't say what those other measures are.
As folks said, you don't have krb5-1.8b1-getprinc.patch.
I applied that and installed in my test environment. So far,
things just work. I have a radmind overload that makes
sets /usr/local/mit-k5-1.8beta2/etc/krb5.conf to read:
[libdefaults]
allow_weak_crypto = 1
this works as advertised as well, and certainly makes it pretty
painless to experiment.
Things that I'd love to see in some future version of the code,
* a configure option that actually *removes* the single-des
cryptosystem from the built code (as opposed to merely disabling it).
* python 2.6 support.
-Marcus Watts
More information about the krbdev
mailing list