https://bugzilla.novell.com/show_bug.cgi?id=681201 https://bugzilla.novell.com/show_bug.cgi?id=681201#c0 Summary: Missing options in YaST / Kerberos client Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: All OS/Version: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: mcaj@novell.com QAContact: jsrain@novell.com Found By: --- Blocker: --- Hi, We are using Ldap and kerberos identification. 1. We are using the keytab file (for allow NFS ) in /etc/krb5.keytab. This file is automatic generate on the server. Currently we are using wget and cgi e.g. wget http://nfs.mycompany.com/cgi-bin/get-key.cgi -O /etc/krb5.keytab in the cgi script are command for kerberos server (I can send it as well if you need it ) My suggestion is : Can you add box Download keytab file ? (similar as is for download certification for ldap client ? ) 2. Since Opensuse 11.3 we have been using the new option in /etc/krb5.cong "allow_weak_crypto = true" in the [libdefaults] part. It looks like new Kerberos version are using stronger encryption, witch is fine, but our enterprise server hasn't supported it yet. (SLES 11 SP1) My suggestion is : Can you add allow weak crypto check box in the Kerberos Client ? the best place would be on the first list of advanced setting I think. Ps : and what about one more list in the advanced setting for different type of encryption ?( like : des-cbc-crc des3-hmac-sha1 ) that would be nice too. Thank you. and If you need test it don't hesitate contact me. Martin -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.