[OpenAFS] Definitive Krb5 documentation desired
Derrick J Brashear
shadow@dementia.org
Tue, 22 Apr 2003 11:40:44 -0400 (EDT)
On Tue, 22 Apr 2003, Andreas Haupt wrote:
> > >> you can switch to a heimdal kdc and ignore all your clients except
> > >> kpasswd, since otherwise they all just keep working. that includes
> > >> whatever login solution you have now. no pam.
> > >
> > > I think that's not correct. The kaserver emulation in the heimdal kdc does
> > > not support the ka_mainencance_service. This means you can throw away all
> > > scripts which used it (e.g. with kas), and replace it with kadmin calls.
Sure, I don't consider this a user program, but maybe you do.
> > The reson heimdal doesn't include KAM_ support is that it requires are
> > complete rx+rxkad-stack, where KAA_ doesn't.
>
> So it might be possible?
Sure, you could split the ka listener off the heimdal kdc, make it a
separate process, and implement this, but i wouldn't want to try to pull
rx+rxkad into the complete kdc.