[OpenAFS] Kerberos 5, AFS, and no krb524d

Ken Hornstein kenh@cmf.nrl.navy.mil
Fri, 06 Jun 2003 15:00:24 -0400


>> Integration of AFS and Kerberos 5 has always been tricky for the novice,
>> because you need to do extra stuff to make it work (I know the reasons for
>> this, but maybe I just like to complain :-) ).  I think the closer we
>> get to AFS being "just another" Kerberos service, the better.  E.g.,
>> make it use V5 keytabs, no extra crap, etc etc.  I'm starting to see
>
>I agree. Releasing a magic aklog that understands how to do something that
>isn't a krb5 ticket doesn't seem to fill the bill.

Hm?  I'm not sure I understand.  This _is_ a V5 ticket we're putting in
the kernel for the cache manager.  I know about the backwards compatability
issues with older cells, and I don't have a good answer on how to deal
with that yet.  But if we consider aklog part of the client program, that's
easy for non-KDC admins to deal with.

--Ken