Custom Query (1145 matches)


Results (22 - 24 of 1145)

Ticket Resolution Summary Owner Reporter
#1308 fixed Don't set allow_weak_crypto adehnert

Reported by adehnert, 11 years ago.


Once sufficient progress has been made on Debathena #529 to let users get away without using 1DES, Debathena should stop setting allow_weak_crypto in /etc/krb5.conf.

Status wiki

We believe that:

  • On client machines, we can unset allow_weak_crypto once the users on the machine have strong keys and the servers they communicate with have strong keys.
  • On application servers, we can unset allow_weak_crypto once the users connecting have a vaguely recent Kerberos and the server has a strong key. (If it accepts passwords, the users also need to have a strong key.)
  • On the KDC, we don't care because it doesn't run Debathena.

Key rolling status:

  • FIXED: We believe that the cert update process will roll keys, so all (active-ish) users should now have updated keys.
  • FIXED: AFS servers now use a hack to use AES keys, plus mostly don't count because of krb5_allow_weak_crypto.html (see comment:3).
  • FIXED: Except for AFS (above), Server Operations' keys have all been updated (see comment:4).
  • FIXED: The PO servers (IMAP) have new keys
  • FIXED: SIPB services are generally rolled (contacting the maintainers is probably reasonable for anything that isn't, but we think that's done)
  • Presumably user outreach is required to get other application servers to roll their keys.
#1319 fixed Better SIAB certificate on dialups adehnert

Reported by adehnert, 10 years ago.


When I go to I get a SIAB session and the world is wonderful. Unfortunately, if I go to, I get the same cert (which isn't signed for department-of-alchemy) and thus a cert warning. For people using screen+SIAB, each host should have a SubjectAltName of their actual hostname or do SNI.

#1327 duplicate Trac's login button should redirect properly adehnert

Reported by adehnert, 10 years ago.


If I go to, open some ticket, and click "login", I get sent back to the I should stay at the same ticket. The easiest answer might be to just always redirect to the athena10 version?
