[OpenAFS-devel] More on aklog

Ken Hornstein kenh@cmf.nrl.navy.mil
Mon, 11 Oct 2004 22:10:18 -0400


>Jeff Altman explained why in the RT ticket you opened; Basically, "because 
>it can lead to 2 principals being treated as the same one".

I feel it's only fair to say that I know someone that got screwed,
hard, because of this code.  Yeah, it can lead to two principals
being treated the same: so what?  So far it's only seemed to cause
people problems, because this _USED_ to work fine with krb524d,
which people used FOR YEARS without any problems, confusion or
security incidents.  The end result is that it's not a seamless
upgrade from a V4 ticket to a V5 ticket with krb524d, and that
sucks.

--Ken