allow_weak_enctypes=false and AFS

[Simon Wilkinson]

On 19 Jan 2010, at 18:58, ghudson at mit.edu wrote:

> We are currently planning to add an API which aklog can use to
> override the value of allow_weak_crypto, which might look like:
> 
> krb5_error_code krb5_allow_weak_crypto(krb5_context ctx, krb5_boolean enable);

>From my perspective, that's great. Whilst I'm actively working on writing a GSSAPI security object for OpenAFS as we speak, that work isn't done yet, and not having to get everyone to edit their krb5.conf's in the meantime will be wonderful...

Cheers,

Simon.