Thomas Bushnell BSG <t...@becket.net> writes:

> I will say that the bug in unstable is at the very least a serious UI
> bug.

I think the way that MIT Kerberos handled this transition is not really
going to work well in combination with AFS.  They seem to have approached
it from the perspective that AFS is just one more application that needs
to stop using DES and AFS sites will distribute their own krb5.conf, but
it's a fairly significant one and distributing one's own krb5.conf isn't
as common in these days of distributions.

AFS doesn't really have a lot of ground to stand on -- it should have been
off DES years ago -- so I'm not sure how much complaint to make, but I'm
not very happy with how this is currently going.

Heimdal special-cased AFS, which certainly from AFS's perspective is a
better approach.

> If the problem is that afs keys are using over-weak encryption, the
> error message the user sees when they type "aklog" could surely be
> better than saying "unknown error" with a big negative number, and the
> kdc log saying that the principal simply doesn't exist.

This is the standard com_err problem.  com_err is a good idea in theory,
but AFS uses a separate com_err library because the standard com_err can't
cope with AFS error codes, which means that aklog has a hard time loading
all the error tables properly.  I think this is fixed in OpenAFS 1.5, and
may even be in 1.4.12.

Of course, all that will do is just get you to the principal doesn't exist
error that the KDC log is reporting.

-- 
Russ Allbery (r...@debian.org)               <http://www.eyrie.org/~eagle/>
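
Added example, not part of the original message and not OpenAFS or MIT Kerberos code: when aklog prints "unknown error" with a large negative number, the number is a raw com_err code, and this Python decoder recovers the error table name and the offset within it. The function names, the two-entry name map, and the sample value are assumptions constructed here for illustration.

```python
# Decode a raw com_err code into (error table name, offset within table).
# Layout used by com_err: the low 8 bits are the index within the table,
# the upper 24 bits are the table name packed as up to four 6-bit characters.
import string

# 63-character alphabet; a 6-bit value of 0 means "no character".
CHARSET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "_"
ERRCODE_RANGE = 8   # bits reserved for the per-table offset
BITS_PER_CHAR = 6

# Two offsets in the krb5 table (same numbers as the RFC 4120 KDC errors).
KRB5_NAMES = {
    6: "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN",
    7: "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN",
}

# Constructed sample: the kind of value a tool prints when it cannot find
# the matching error table.
SAMPLE_CODE = -1765328377


def decode_com_err(code):
    """Return (table_name, offset) for a signed 32-bit com_err code."""
    unsigned = code & 0xFFFFFFFF            # reinterpret as unsigned 32-bit
    offset = unsigned & ((1 << ERRCODE_RANGE) - 1)
    packed = unsigned >> ERRCODE_RANGE      # 24 bits holding the table name
    name = ""
    for i in range(3, -1, -1):              # most significant character first
        ch = (packed >> (BITS_PER_CHAR * i)) & ((1 << BITS_PER_CHAR) - 1)
        if ch:
            name += CHARSET[ch - 1]
    return name, offset


def describe(code):
    """Human-readable form; adds the symbolic name when this map has it."""
    table, offset = decode_com_err(code)
    if table == "krb5" and offset in KRB5_NAMES:
        return f"{table}+{offset}: {KRB5_NAMES[offset]}"
    return f"{table}+{offset}"


if __name__ == "__main__":
    print(describe(SAMPLE_CODE))
```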


