[OpenAFS] AFS, Kerberos 5, and Windows; questions

[Patrick J. LoPresti]

Derrick J Brashear <shadow@dementia.org> writes:

> On 28 May 2001, Patrick J. LoPresti wrote:
> 
> > What are the advantages and disadvantages of including AFS3-salted
> > keys in the KDC?  If I understand correctly, I would only need such
> > keys for klog to work; if instead we always use (Kerberos 5) kinit and
> > aklog, is there any reason to support AFS3-salted keys at all?
> 
> Not even: klog will work with v4 salted keys also, back to at least AFS
> 3.3 and probably further.

Thank you; that is interesting, and it is not at all obvious from any
of the documents I have seen (Kerberos FAQ, AFS FAQ, AFS / Kerberos 5
migration kit material).

Just to be sure I understand the authentication process correctly: Do
we actually need v4 salted keys in the KDC if we intend to use kinit
(krb5) + aklog and not klog?

 - Pat