[OpenAFS-devel] verifykt

[Marcus Watts]

> Message-ID: <45A8DC94.6080207@secure-endpoints.com>
> Date: Sat, 13 Jan 2007 08:20:20 -0500
> From: Jeffrey Altman <jaltman@secure-endpoints.com>
> Organization: Secure Endpoints Inc.
> User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
> MIME-Version: 1.0
> To: Marcus Watts <mdw@umich.edu>
> CC: openafs-devel@openafs.org
> Subject: Re: [OpenAFS-devel] verifykt
> References: <200701130817.DAA18891@quince.ifs.umich.edu>
> In-Reply-To: <200701130817.DAA18891@quince.ifs.umich.edu>
> Reply-To: jaltman@secure-endpoints.com
> 
> Marcus Watts wrote:
> > Anyways, I'm certainly interested in what people think.
> > 
> > 				-Marcus
> 
> I think you should be discussing this program on the
> krbdev@mit.edu or kerberos@mit.edu mailing list and that
> the functionality you are describing should be added to
> 'knvo'.
> 
> Jeffrey Altman

That's fine and a good idea -- except that's only MIT.  There ought to
be something similiar that works with Heimdal (which hasn't got kvno),
and I'd really like to see something that comes with openafs that will
be linked against the same kerberos libraries as the actual run-time
servers will be using.  Whatever we do, there are already many
systems with more than one version of kerberos installed,
and this probably won't improve in the near term.

Also I don't think kvno quite fits (at least not as is); kvno doesn't
do initial authentication and works with a regular user tgt & any
service - very useful but not the same thing really.

No matter what though, I'm sure the kerberos folks will have
interesting things to say.

I'll try to polish verifykt up a bit more so that it does
more interesting stuff, then post something, probably to
kerberos@mit.edu .

				-Marcus