[OpenAFS] Delivering confidential information in AFS via Apache

Ken Hornstein kenh@cmf.nrl.navy.mil
Sun, 05 Aug 2001 03:25:48 -0400


>If a better solution comes along, and it's easy to deploy, I'll use it.  At
>present I'm waiting for the grand transition of AFS to Kerberos 5.

I think that if I was in your position, I wouldn't wait for "real"
Kerberos 5 support.  There are still significant issues that need to be
resolved, and AFAIK no code has yet been written to make it happen.
I see that as still being a few years away.

>So
>we're still using the AFS kaserver and this may cause compatibility
>problems with solutions originating out of the Kerberos world.

You _could_ simply switch to a V5 KDC; sure, the Migration Kit is a bit
old and dusty (I know, I know ... I _will_ update the damn thing soon)
but it should still be possible to get it working without too much pain.
And you can use all of the V5 stuff that's slowly starting to appear.

--Ken