https://bugzilla.novell.com/show_bug.cgi?id=681201

https://bugzilla.novell.com/show_bug.cgi?id=681201#c4

Michael Calmer <mc@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |ASSIGNED
                 CC|                            |mc@novell.com
       InfoProvider|mc@novell.com               |

--- Comment #4 from Michael Calmer <mc@novell.com> 2011-03-22 11:47:53 UTC ---

The weak_crypto option is only available in newer versions of krb5. They have
disabled single DES and you can enable it again with this option.

But some services only support single DES, e.g. nfsv4 using GSSAPI.
As I understand this, nfsv4 is using crypto routines from the kernel, and the
kernel supports only single DES. This may have changed in newer kernel versions,
which might also support 3DES.

I think a checkbox for allow_weak_crypto might be good, but configuring a list
of crypto things might be overkill.

About the keytab: using wget is not a good option. The kadmin command provides
an interface to add a key to a keytab.

    $> kadmin ...
    kadmin> ktadd host/xyz.example.com

adds the key for the principal host/xyz.example.com to the local keytab.
This command works remotely. Using this, the kvno (key version number) changes.
If you need the same key on different hosts, you need to copy it in a different
way.

Supporting things like this would lead to writing a GUI for kadmin, which is in
general a good idea, but overkill for yast2-kerberos-client.
(I think yast2-kerberos-client should set up a working kerberos authentication
and should not be a full admin interface.)
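As an added illustration (not part of the original comment and not code from yast2-kerberos-client): a minimal keytab reader that lists each entry's kvno and encryption type and flags single-DES keys, which is what an administrator would want to check after `ktadd` when weak crypto is allowed. It assumes the version 0x0502 keytab layout; the function names and the sample entries (zero-byte keys) are constructed for this example.

```python
import struct

SINGLE_DES = {1, 2, 3}  # enctypes des-cbc-crc, des-cbc-md4, des-cbc-md5

def _counted(buf, off):  # uint16 length-prefixed string -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return (principal, kvno, enctype) for each entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:                 # negative length marks a deleted slot
            off -= size
            continue
        end = off + size
        if end > len(data):
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", data, off)
        realm, p = _counted(data, off + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        p += 8                        # skip name type and timestamp
        kvno, etype = struct.unpack_from(">BH", data, p)
        _key, p = _counted(data, p + 3)
        if end - p >= 4:              # optional 32-bit kvno, used when non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, etype))
        off = end
    return entries

def weak_entries(entries):
    return [e for e in entries if e[2] in SINGLE_DES]

# Constructed sample data (not real keys): one principal, old DES key and newer AES key.
def build_entry(principal, realm, kvno, etype, key):
    s = lambda b: struct.pack(">H", len(b)) + b
    comps = principal.encode().split(b"/")
    body = (struct.pack(">H", len(comps)) + s(realm.encode()) + b"".join(map(s, comps))
            + struct.pack(">IIBH", 1, 0, kvno & 0xFF, etype) + s(key) + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

SAMPLE = (b"\x05\x02" + build_entry("host/xyz.example.com", "EXAMPLE.COM", 3, 3, bytes(8))
          + build_entry("host/xyz.example.com", "EXAMPLE.COM", 4, 18, bytes(32)))
```

Run against the sample, `weak_entries(parse_keytab(SAMPLE))` reports only the kvno 3 entry, the single-DES key that a later `ktadd` (kvno 4, AES) did not remove from the file.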