[OpenAFS] One more plea for a transparent Krb5 implementation
of klog
Derrick J Brashear
shadow@dementia.org
Wed, 27 Apr 2005 17:19:37 -0400 (EDT)
On Wed, 27 Apr 2005, John Tang Boyland wrote:
> ] What cell specific information do you think is required?
> ] Why does Kerberos 5 need to know about it?
>
> Last summer (or was it 2003?), I seriously looked into transitioning
> our kaserver-based cell to krb5. The transition kit was out of date
> and required aklog (not provided)
the transition kit has always been the source for aklog, actually, so if
it's not provided there, i'm not sure where you'd have gotten it.
> If in the meantime, Unix OpenAFS has gotten to the point that one can
> have an empty krb5.conf then I think my request is mostly answered.
well, you can within certain constraints, but i bet you don't like them
(dns records and a kerberos 5 which honors them linked into aklog)
or
name your kdc "kerberos.your.realm"
> Are we really there yet?
We were there a long time ago, if you were willing to do one or the other
of the above.