[linux] Ubuntu Kerberos/PAM for UW
db
dbota at att.net
Tue Feb 8 16:21:52 PST 2011
How do I unsubscribe from this list?
db
On 2/8/2011 3:06 PM, RL 'Bob' Morgan wrote:
>
>> Also, somewhat disturbingly the line "allow_weak_crypto = true" seems
>> to be required on Red Hat EL6 as well. I can't follow all the krb5
>> intricacies but hopefully that crypto isn't TOO weak. :)
>
> This is due to the Kerberos software on the UW KDCs (i.e., the
> u.washington.edu realm KDCs using MIT Kerberos software) being older
> than it should be. The relevant crypto (des-cbc-crc) is certainly
> weaker than we should be using today. UW IT just started a project to
> update the KDCs that will support the eventual phase-out of the weak
> crypto requirement, among other goals.
>
> - RL "Bob" Morgan
> UW IT IAM
>
>
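Added example, not part of the original messages: a small Python check that flags the "allow_weak_crypto = true" setting discussed in the quoted reply, plus any weak enctypes such as des-cbc-crc listed under [libdefaults] in a krb5.conf. The sample configuration and the EXAMPLE.EDU realm are constructed, and the weak-enctype set is taken from the MIT Kerberos documentation rather than from this thread.

```python
import re

# Enctype names MIT Kerberos documents as weak (assumption: not from the thread).
WEAK_ENCTYPES = {
    "des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "des-cbc-raw",
    "des3-cbc-raw", "des-hmac-sha1", "arcfour-hmac-exp", "rc4-hmac-exp",
    "arcfour-hmac-md5-exp",
}
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"}
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}

# Constructed sample krb5.conf; realm and host names are placeholders.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.EDU
    allow_weak_crypto = true
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
    permitted_enctypes = DEFAULT -des
[realms]
    EXAMPLE.EDU = {
        kdc = kdc.example.edu
    }
"""

def audit_krb5_conf(text):
    """Return (line_number, key, problem) tuples for weak-crypto settings."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1).lower()
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key == "allow_weak_crypto" and value.lower() in TRUE_VALUES:
            findings.append((lineno, key, "weak enctypes are permitted"))
        elif key in ENCTYPE_KEYS:
            # Space- or comma-separated; "-name" removes an entry, so it is not a hit.
            names = [t.lower() for t in re.split(r"[\s,]+", value) if t]
            weak = sorted(t for t in names if t in WEAK_ENCTYPES)
            if weak:
                findings.append((lineno, key, "weak enctypes listed: " + ", ".join(weak)))
    return findings

if __name__ == "__main__":
    print(audit_krb5_conf(SAMPLE))
```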