[OpenAFS] changing kdc server
Derrick J Brashear
shadow@dementia.org
Wed, 13 Nov 2002 21:25:32 -0500 (EST)
On Thu, 14 Nov 2002, Oki DZ wrote:
> There are things that I don't understand about the place of Kerberos on
> AFS; eg: Kerberos gives you tickets, and yet, AFS still needs you to have
> the tokens.
Distilled ticket which can be easily stored in the kernel.
> Kerberos provides you the principals that can have the access
> (to whatever resources), and yet, AFS needs you to list its users in the
> PTS.
Enumerating kerberos members is hard, and it has no groups.
> Kerberos has policy, and yet, AFS doesn't make any use of it
> (AFAIK).
krb4 has no policy. AFS is based on krb4.