[OpenAFS] Kerberos 5, AFS, and no krb524d
Douglas E. Engert
deengert@anl.gov
Fri, 06 Jun 2003 15:55:32 -0500
Ken Hornstein wrote:
>
> >> aklog ends up being a real pain in the ass piece of software. It's tied
> >> to both your Kerberos implementation _and_ your AFS implementation. Just
> >> compiling it can be a challenge.
> >
> >Dare I say gssapi again?
>
> So, you need to link in your GSSAPI implementation, which requires you to
> link in your Kerberos implementation ...
This is currently shared libs, but could be a dynamic link too.
The point being the code includes no Kerberos header files (it needs a gssapi.h),
and no Kerberos API issues.

There is still a trade-off. The gssklog requires a server to return the token.
If there could be an aklog that did not require a krb524d, at least for the
Kerberos world this would be preferable from a performance point of view.
But then again, if a gssklog could use the MS SSPI, then you would not need
a separate Kerberos on the client, unless the AFS client itself required
it.
>
> --Ken
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444