allow_weak_enctypes=false and AFS

Russ Allbery rra at
Wed Jan 20 14:01:23 EST 2010

Greg Hudson <ghudson at> writes:
> On Tue, 2010-01-19 at 13:58 -0500, ghudson at MIT.EDU wrote:

>> krb5_error_code krb5_allow_weak_crypto(krb5_context ctx, krb5_boolean enable);

> It's been pointed out that this API doesn't allow the application to
> know the previous state.

> I think that's fine since I'm just trying to solve a specific usability
> issue with aklog.  If there are other use cases which would benefit from
> querying the state, I can add a second API to do that.  But I'd like to
> know about the use cases first.

Yeah, my inclination would be go just do the simple thing, since in the
long run this hopefully won't be an issue.

Russ Allbery (rra at             <>

More information about the krbdev mailing list