Hello Kevin,
Hello list,
On Wed, Mar 14, 2012 at 02:48:29PM +0100, Michael Weiser wrote:
> So the client's ticket for the server is encrypted using arcfour-hmac
> but the session key contained therein is only des-cbc-crc.
> This behaviour works so seamlessly, that I had assumed, it's intentional.
> Are you telling me, that it is neither intended nor supported?
> If so: Isn't this something we'd want to have? I accept that it's not
> much use from an interoperability point of view but it sure simplifies
> administration in a Linux-only environment. Doesn't this also have at
> least some positive security impact? And as I've said, it greatly
> simplifies Linux admins' life in an Active Directory 2008 R2+
> environment where AD administrators will be very reluctant to change the
> domain security policy for those obscure Linux boxes.
Any thoughts on this, anyone?
If nobody objects, I'd resubmit my patch to gssd with some cleanup and
documentation.
Thanks,
--
Michael Weiser science + computing ag
Senior Systems Engineer Geschaeftsstelle Duesseldorf
Martinstrasse 47-55, Haus A
phone: +49 211 302 708 32 D-40223 Duesseldorf
fax: +49 211 302 708 50 www.science-computing.de
--
Vorstandsvorsitzender/Chairman of the board of management:
Gerd-Lothar Leonhart
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Michael Heinrichs,
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
