[OpenAFS] MIT sort'a supporting aklog???
Derrick J Brashear
shadow@dementia.org
Mon, 11 Aug 2003 23:08:58 -0400 (EDT)
On Mon, 11 Aug 2003, Rodney Dyer wrote:
> At 09:15 PM 8/11/03 -0400, Derrick J Brashear wrote:
>
> >It does the same thing, it just makes different underlying assumptions.
> >
> >See also kinit, klist, kdestroy.
>
> Yes, but at least kinit uses command line args which put it into different
> "modes" of operation.
v4 kinit was
kinit shadow@ANDREW.CMU.EDU
v5 kinit is
kinit shadow@ANDREW.CMU.EDU
if i have a v4 kinit on my path, guess what tickets i don't get? (the
minimal maintenance afs requires has spoiled me. i have machines where,
yes, the kinit in my path is v4, because i've been too lazy to tweak the
config so v5 kinit isn't called k5init. i hate me.)
> >possibly before there was a krb5. in fact, that's what it was for, and i
> >have no idea how many sites still have v4 (only) kdcs, but note that v4
> >aklog could be used with the kaserver.
>
> Ok, so I'll bite, why would anyone use "aklog" when using kas instead of
> "klog"?
1) foreign realms/cells. aklog lets me be shadow@andrew.cmu.edu in the
dementia.org cell.
2) my kerberos login program got me a tgt when i logged in. i don't
volunteer to type my password again. if any of my coworkers are reading,
they might tell you of my deep-seated hateful loathing of the crap that is
pubcookie. i typed my password when i sat down, that's as many times as i
plan to type it, at least for 24 hours, and longer if i bothered to get a
renewable ticket.