[OpenAFS-devel] Document for authenticating against MIT K5/krb524d ?

Jeffrey Hutzelman jhutz@cmu.edu
Thu, 10 Jan 2002 16:16:33 -0500 (EST)


On Thu, 10 Jan 2002, Ken Hornstein wrote:

> >About Heimdal vs MIT:
> >
> >The Heimdal KDC is both v4 and v5 at the same time, so you won't need
> >any krb524d. Of course I'm biassed because I don't need to go far to
> >ask Johan everything about Heimdal. Hm. That does not mean I always
> >understand the answer :-)
> 
> I think I'm missing something here; the MIT KDC is also v4 and v5 at
> the same time.  But you still need something like krb524d if you want
> to convert a V5 TGT into an AFS token (say, for instance, if you use
> Kerberos telnet/ssh and forward your V5 TGT across, or you have a
> policy which forbids the use of v4 ticket requests).  I'm assuming the
> Heimdal afslog does _something_ along those lines, right?

Yes, but on Heimdal, the 524 functionality is rolled into the KDC, just
like everything else. :-)

-- Jeff