[OpenAFS] Kerberos 5, AFS, and no krb524d

Derrick J Brashear shadow@dementia.org
Mon, 9 Jun 2003 00:02:50 -0400 (EDT)


On Mon, 9 Jun 2003, Ken Hornstein wrote:

> >Well, it should be as long as it matches the AFS key on your AFS servers
> >(kvno and key). But "not needing krb524" is currently the same as
> >otherwise: only if you transmogrify the ticket somehow, namely, stripping
> >all but the encrypted part.
>
> I know we had the "apple versus papaya" discussion about this earlier,
> but I think we're talking past each other.  There really _is_ no
> transmogrification w.r.t. getting the encrypted part of the V5
> ticket, because the encrypted part of the V5 ticket really is the
> only thing you can _call_ a ticket.  A small distinction, yes, but
> it's not like you're performing open-heart surgery; it's more akin
> to picking a carrot and cutting off the end.  I don't think it's really
> a huge deal, but I guess we'll have to agree to disagree on this one.

Fine. But the point remains that neither solution *needs* krb524 any more
than the other. krb4 is dead, "krb524" is just an unfortunate name for
"krb5 ticket transmogrifier service" or whatever you want to call it.