Jason L Tibbitts III <ti...@math.uh.edu> writes: >>>>>> "RH" == Robbie Harwood <rharw...@redhat.com> writes: > > RH> Ah, I see, you're talking about the case when the enctype is already > RH> not permitted. That all makes sense then. > > Right. Basically, if any one of these: > > * Warnings in previous versions about principals without modern etypes > * Logging in the new version to say why tickets wouldn't issue for > principals with old etypes > * A checkup tool in either the old or current versions to tell me what's > gone wrong > > had existed then there would have been no confusion. Certainly I was > able to figure it out but... if someone had just done an OS update > without proper testing then they could be in a pretty bad position.i > > So basically the big issue as I see it is that there's simply nothing > to tell you that things are going to break, and after the update > there's nothing that tells you why things are broken. And I was > concerned that if some encryption routines go away completely then it > would be possible to be in a state where you can't even decrypt the > database.
I have added warnings for: - deprecated enctype issuance on KDC - deprecated enctypes in klist output - deprecated enctype in stash / K/M to the latest rawhide builds (krb5-1.17-3.fc30). If I backport this to fc29, will that assuage people's concerns? Or do I need to defer the change until fc31? Thanks, --Robbie
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
