[OpenAFS] changing kdc server

Oki DZ okidz@pindad.com
Thu, 14 Nov 2002 09:13:54 +0700


On Wed, Nov 13, 2002 at 09:14:47AM +0100, Ian Delahorne wrote:
> I think that kfd (kerberos forwarding demon) from Heimdal should do this.

Question remains... because I already installed the one from MIT.
If I were to install two AFS server, would I have to install two Kerberos
servers too?

There are things that I don't understand about the place of Kerberos on
AFS; eg: Kerberos gives you tickets, and yet, AFS still needs you to have
the tokens. Kerberos provides you the principals that can have the access
(to whatever resources), and yet, AFS needs you to list its users in the
PTS. Kerberos has policy, and yet, AFS doesn't make any use of it
(AFAIK).

I think both have to be merged more closer, and yet, make them be able to
run on different servers; afterall, this is about distributed
authentication and distributed file serving. I believe if the PTS could
get the list of the users from Kerberos, that would be great; PAM has
done it, correct?.

Oki