DES phase-out and 1.8
Love Hörnquist Åstrand
lha at kth.se
Mon Jan 4 07:23:30 EST 2010
I recommend this path forward.
Love
4 jan 2010 kl. 01:19 skrev Sam Hartman:
> I'd actually be happier simply setting allow_weak_enctypes to false by
> default than decoupling the defaults for default_tkt_enctypes and
> default_tgs_enctypes.
>
> I think it will be easier to tell people who run into trouble to set
> allow_weak_enctypes to true than to explain to them about
> default_*_enctypes.
>
> Also, people who share config files between 1.8 and older releases are
> likely to end up with configurations that list explicit enctypes rather
> than using the new 1.8 syntax. Older than 1.7 releases will simply
> ignore allow_weak_enctypes.
>
> I'm specifically thinking that for Debian and Ubuntu, I would find it
> easier to handle allow_weak_enctypes with debconf than to allow adding
> +des to default_tkt_enctypes for 1.8 and beyond but not for 1.7 or
> earlier.
>
> However a lot of my thoughts are colored by really bad experience with
> default_* from the bad old days. This is not a strong objection by any
> means. I definitely want to see some motion on getting rid of des.
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
More information about the krbdev
mailing list