[OpenAFS-devel] Re: "aklog -version" in 1.4.1?
Ken Hornstein
kenh@cmf.nrl.navy.mil
Tue, 11 Apr 2006 10:59:47 -0400
>My main concern here is users at well-established AFS sites (say,
>CMU/MIT/Stanford) who access my cell. The way it's set up, things
>work great with the latest aklog, zero configuration needed. I've
>found that prior aklogs fail (sometimes nondeterministically) because
>I rely so heavily on AFSDB, Kerberos SRV, and cross-realm
>authentication. These all work quite well in the 1.4.1 aklog, though.
You have to be careful here. At least two of those things you mention
(SRV records for Kerberos, cross-realm authentication) are properties of
the Kerberos library that aklog links against. The version of aklog that
you have doesn't really matter. AFSDB can matter, but that's more about
the version of the AFS libraries that you link against; aklog wasn't
changed to know about AFSDB.
Really, the significant difference between "older" aklogs and modern
aklogs is that the older ones always use the 524 ticket converter; modern
ones will try an rxkad 2b token by default.
--Ken