allow_weak_enctypes=false and AFS

Simon Wilkinson simon at
Tue Jan 19 14:10:56 EST 2010

On 19 Jan 2010, at 18:58, ghudson at wrote:

> We are currently planning to add an API which aklog can use to
> override the value of allow_weak_crypto, which might look like:
> krb5_error_code krb5_allow_weak_crypto(krb5_context ctx, krb5_boolean enable);

>From my perspective, that's great. Whilst I'm actively working on writing a GSSAPI security object for OpenAFS as we speak, that work isn't done yet, and not having to get everyone to edit their krb5.conf's in the meantime will be wonderful...



More information about the krbdev mailing list