[OpenAFS] When Using Kerberos5 is klog necessary?
Russ Allbery
rra@stanford.edu
Thu, 01 Jan 2004 11:09:19 -0800
Derek Atkins <warlord@MIT.EDU> writes:
> Russ Allbery <rra@stanford.edu> writes:
>> We're still using independent, synchronized K4 and K5 realms, so our
>> kinit is configured to separately obtain K4 and K5 tickets and then run
>> a standard K4 aklog. But as soon as we switch over to using the
>> various fakeka-related stuff, we can turn off krb4_get_tickets and
>> switch aklog versions.
> I dont understand -- why does the aklog version have anything to do with
> getting fakeka up and running? You could just switch to a krb5 aklog
> (and krb524d) piecemeal, as aklog doesn't use ka in any way, shape, or
> form.
Yeah, sorry, I'm mixing things in the order in which we're thinking about
doing them, not in the order that they actually have to be done for any
technical reason.
> You can remove the krb4 requirement from your Unices with a simple
> change in aklog version.
As soon as we synchronize keys and update our DB servers, yes. :)
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>