[OpenAFS] When Using Kerberos5 is klog necessary?
Derek Atkins
warlord@MIT.EDU
Thu, 01 Jan 2004 13:59:54 -0500
Russ Allbery <rra@stanford.edu> writes:
> We're still using independent, synchronized K4 and K5 realms, so our kinit
> is configured to separately obtain K4 and K5 tickets and then run a
> standard K4 aklog. But as soon as we switch over to using the various
> fakeka-related stuff, we can turn off krb4_get_tickets and switch aklog
> versions.
I dont understand -- why does the aklog version have anything to do
with getting fakeka up and running? You could just switch to a krb5
aklog (and krb524d) piecemeal, as aklog doesn't use ka in any way,
shape, or form. So, what's fakeka got to do with it? Sure, you can't
deprecate the krb4 KDC, but that's a completely separable problem.
You can remove the krb4 requirement from your Unices with a simple
change in aklog version.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available