[OpenAFS] Kerberos 5-to-4 daemon

Douglas E. Engert deengert@anl.gov
Tue, 29 Jul 2003 13:53:29 -0500


Matt Weatherford wrote:
> 
> Does the krb524 daemon open up any security risks if run on
> a kerberos 5 server?  If I want all my clients to use Kerb 5,
> does having the 524 daemon running allow users/clients (other than
> AFS clients) to use kerb 4 protocols to authenticate?


You can setup the krb524d to only translate the AFS key. 

See the -k option, to use a keytab rather then KDC database.
 
> 
> Will krb524 weaken the security of my Kerb 5 server?
> 
> Thanks,
> Matt
> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444