allow_weak_enctypes=false and AFS

Greg Hudson ghudson at
Wed Jan 20 13:55:01 EST 2010

On Tue, 2010-01-19 at 13:58 -0500, ghudson at MIT.EDU wrote:
> krb5_error_code krb5_allow_weak_crypto(krb5_context ctx, krb5_boolean enable);

It's been pointed out that this API doesn't allow the application to
know the previous state.

I think that's fine since I'm just trying to solve a specific usability
issue with aklog.  If there are other use cases which would benefit from
querying the state, I can add a second API to do that.  But I'd like to
know about the use cases first.

(I do not particularly want to design an API like umask() where you can
query the value, but only by changing it.)

More information about the krbdev mailing list