[OpenAFS] AFS, Kerberos 5, and Windows; questions

Patrick J. LoPresti patl@curl.com
31 May 2001 16:22:01 -0400

Derrick J Brashear <shadow@dementia.org> writes:

> On 28 May 2001, Patrick J. LoPresti wrote:
> > What are the advantages and disadvantages of including AFS3-salted
> > keys in the KDC?  If I understand correctly, I would only need such
> > keys for klog to work; if instead we always use (Kerberos 5) kinit and
> > aklog, is there any reason to support AFS3-salted keys at all?
> Not even: klog will work with v4 salted keys also, back to at least AFS
> 3.3 and probably further.

Thank you; that is interesting, and it is not at all obvious from any
of the documents I have seen (Kerberos FAQ, AFS FAQ, AFS / Kerberos 5
migration kit material).

Just to be sure I understand the authentication process correctly: Do
we actually need v4 salted keys in the KDC if we intend to use kinit
(krb5) + aklog and not klog?

 - Pat