[OpenAFS] Kerberos 5, AFS, and no krb524d
Derrick J Brashear
shadow@dementia.org
Fri, 6 Jun 2003 15:02:29 -0400 (EDT)
On Fri, 6 Jun 2003, Ken Hornstein wrote:
> >I agree. Releasing a magic aklog that understands how to do something that
> >isn't a krb5 ticket doesn't seem to fill the bill.
>
> Hm? I'm not sure I understand. This _is_ a V5 ticket we're putting in
> the kernel for the cache manager. I know about the backwards compatability
> issues with older cells, and I don't have a good answer on how to deal
> with that yet. But if we consider aklog part of the client program, that's
> easy for non-KDC admins to deal with.
No, it's part of a krb5 ticket: the encrypted part. If it were a krb5
ticket you could krb5_get_credentials something and stuff it into the
kernel (probably with a header) and be done.