[OpenAFS] Separating AFS tokens generation from Authenticatio n

[Ken Hornstein]

>> Then again, I'd also like to see each AFS server have its own key
>> instead of using a single shared key across all servers in a cell.
>
>Another nice idea, but then you get into what DFS had to do, in effect
>getting a separate ticket for each server. This required a TGT. 
>
>The beauty of AFS today, is its simplicity. A token per cell. 

But unfortunately, this is also one of AFS's biggest weakenesses in the
security arena.

--Ken