[OpenAFS] Kerberos 5, AFS, and no krb524d
Derrick J Brashear
shadow@dementia.org
Fri, 6 Jun 2003 14:55:48 -0400 (EDT)
On Fri, 6 Jun 2003, Ken Hornstein wrote:
> >I wrote one, it takes like 15 minutes to write, and I think Love wrote
> >one, but I don't consider mine releasable, and I really think not letting
> >a server, a single point of change, do the work, is a bad idea.
>
> I think I respectfully disagree.
Ok, but then you go on to say something that doesn't explain that:
> Integration of AFS and Kerberos 5 has always been tricky for the novice,
> because you need to do extra stuff to make it work (I know the reasons for
> this, but maybe I just like to complain :-) ). I think the closer we
> get to AFS being "just another" Kerberos service, the better. E.g.,
> make it use V5 keytabs, no extra crap, etc etc. I'm starting to see
I agree. Releasing a magic aklog that understands how to do something that
isn't a krb5 ticket doesn't seem to fill the bill.
> more and more sites setting up global "No Kerberos V4" policies, so
> the closer we get to AFS being full Kerberos 5 (I'm happy with rxkad 2b,
> but of course I'd like something better :-) ), the better off we are.
In any case, I won't release mine. I have no interest in getting into the
aklog business.