On Fri, Jun 17, 2011 at 09:51:30PM +0200, Sergio Gelato wrote: > It is true that you can enable the enctypes for all principals by adding > [libdefaults] > allow_weak_crypto = true > to /etc/heimdal-kdc/kdc.conf, but that's a very blunt tool since only a > few principals still need an exemption from the "no DES" policy. For my > own operations I'll definitely stick with my patch. A more universal > solution would be to make the exception list configurable without > recompiling the KDC, but that has to be balanced against the likely > complexity of such a change. So for some reason I thought the patch was more involved. So yeah, you can update that through proposed-updates. If it misses the next point release we can also push it through squeeze-updates, I think. It's a bit sad that it's hardcoded but I think it's fair for NFS/AFS, even though we got recent support for better crypto in the kernel. Kind regards, Philipp Kern -- .''`. Philipp Kern Debian Developer : :' : http://philkern.de Stable Release Manager `. `' xmpp:phil@0x539.de Wanna-Build Admin `- finger pkern/key@db.debian.org
Attachment:
signature.asc
Description: Digital signature