[OpenAFS] Definitive Krb5 documentation desired

[Love]

Andreas Haupt <ahaupt@ifh.de> writes:

> On Fri, 18 Apr 2003, Derrick J Brashear wrote:
>> you can switch to a heimdal kdc and ignore all your clients except
>> kpasswd, since otherwise they all just keep working. that includes
>> whatever login solution you have now. no pam.
>
> I think that's not correct. The kaserver emulation in the heimdal kdc does
> not support the ka_mainencance_service. This means you can throw away all
> scripts which used it (e.g. with kas), and replace it with kadmin calls.

The reson heimdal doesn't include KAM_ support is that it requires are
complete rx+rxkad-stack, where KAA_ doesn't.

Love