[OpenAFS] one afs/cell.domain princs per realm
Ken Hornstein
kenh@cmf.nrl.navy.mil
Wed, 27 Aug 2003 13:45:52 -0400
>> - I'd have aklog do the krb5 ticket mangling itself.
>
>Doesn't number two present all the problems you have with gssklog?
>He'll have only himself to maintain a different aklog and others
>trying to get to his cell will need his aklog.
That's true ... but there's been a lot of interest in a non-krb524 version
of aklog (I've even been thinking of adding a compile-time option to do
that to the migration kit). There hasn't been nearly as much interest
in gssklog. Medium-term, I think you have more of a chance of finding
someone with a non-krb524 aklog than you do of finding someone with gssklog.
And, it's _simpler_ ... you don't need to run any extra magic servers at
all.
--Ken