[OpenAFS] Definitive Krb5 documentation desired

Love lha@stacken.kth.se
Tue, 22 Apr 2003 16:33:51 +0200


Andreas Haupt <ahaupt@ifh.de> writes:

> On Tue, 22 Apr 2003, Love wrote:
>
>> Andreas Haupt <ahaupt@ifh.de> writes:
>>
>> > On Fri, 18 Apr 2003, Derrick J Brashear wrote:
>> >> you can switch to a heimdal kdc and ignore all your clients except
>> >> kpasswd, since otherwise they all just keep working. that includes
>> >> whatever login solution you have now. no pam.
>> >
>> > I think that's not correct. The kaserver emulation in the heimdal kdc does
>> > not support the ka_mainencance_service. This means you can throw away all
>> > scripts which used it (e.g. with kas), and replace it with kadmin calls.
>>
>> The reson heimdal doesn't include KAM_ support is that it requires are
>> complete rx+rxkad-stack, where KAA_ doesn't.
>
> So it might be possible? Are there plans to implement it completely?

Its certainly possible. I don't plan to write since I think my time is
better spent on other (IMHO more important) kerberos/afs things that needs
to be fixed.

Love